ID: 6741

SSL Support For Core Zoom Operations

To further harden Zoom against security vulnerabilities, Zoom 7.0 and later support SSL for core Zoom operations. This is in addition to the SSL support already available on the Zoom Preview Server and Zoom Web-Admin Server.

 

Stop Zoom services on the Zoom Server, Preview Server, Curator Server and HADR Server before continuing. Restart Zoom services on HADR Server, Zoom Server, Preview Server, and Curator Server in that order after updating the files mentioned below.

 

To enable SSL in Zoom, do the following on each Zoom Server and Zoom Preview Server. Ignore the HADR peer section if HADR is not in use.

 

On each Zoom Server

On the Zoom Server, navigate to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

Open server.xml and update the following tags:

  1. Under <networkspec>, set tag as true
  2. Under <networkspec>, set tag as 9880
    Sample Server.xml

     

  3. Under <webserverspec>, set tag as true
  4. Under <webserverspec>, check that the <sslPort> tag is 9443
  5. Under <webserverspec>, set tag as true
    Sample Server.xml

     

  6. If LDAP server is not in use then skip this step. If LDAP server is in use, then under <ldapspec>, set tag as true

     

If any of the tags specified above are not found, please add the tag under that relevant section.

 

Save changes to the server.xml file.

 

On Zoom Preview Server

On the Zoom Preview Server, navigate to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

Open server.xml and update the following tags:

  1. Under <ServerConnection>, set  tag as 8973
  2. Under <ServerConnection>, set  tag as true
  3. Under <reviewserverspec>, set   tag as 8874
  4. Under <reviewserverspec>, set  tag as true

     

Save changes to the server.xml file.

 

Now, navigate to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

Open preview-server.xml and update the tag <ZoomServerHostPort> to use https (e.g. <ZoomServerHostPort>https://[ZoomServerIP]:9880</ZoomServerHostPort>). Save changes.

 

On each Zoom HADR Peer

On each Zoom HADR Peer, navigate to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

Open server.xml and update the following tags:

  1. Under  , set  tag as true
  2. Under <hadrspec> <networkSpec>, set  tag as 9880
  3. Under <hadrspec> <networkSpec>, set  tag as true
  4. Under <hadrspec> <networkSpec>, set  tag as https
    Sample Server.xml

     

Save changes to the server.xml file.

 

Again, on each Zoom HADR Peer, navigate to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

Open filetransfer-spec.xml and update the following tags:

  1. Set tag as 8874
  2. Set tag as true

Save changes to filetransfer-spec.xml file.

 

 

Before setting up the SSL certificates on servers, stop Zoom services on the Zoom Server, Preview Server, Curator Server, and HADR Server. Restart services after the server-side setup is complete.
Similarly, stop the Zoom Client Proxy service on a Client machine before setting up the SSL certificates (only for self-signed certificate).

 

With a commercial certificate

Copy the certificate file to the conf folder in Zoom Install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf) for each server machine.

Now, save the password provided with the SSL certificate in each of the Zoom modules as follows:

Zoom Server

  1. From the conf folder, open file wrapper.conf
  2. Set these two properties:

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

Preview Server

  1. From the conf folder, open file preview-server.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

 

Curator Server

  1. From the conf folder, open file curator-server.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

 

File Transfer Server (HADR)

  1. From the conf folder, open file hadr-filetransfer.conf
  2. Set these two properties for the location

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

Set these properties for each HADR peer.

 

Client Systems

No setup needed.

 

 

With a self-signed certificate

For each server (Zoom Server, Preview Server, HADR, Curator Server, etc.), set up the following on each machine:

Copy the certificate file to the conf folder in Zoom install directory (For Windows – [ZoomInstallDir]\DAM\conf and for Linux – [ZoomInstallDir]/conf).

 

The certificate information also needs to be set up in the Zoom properties file on each server machine.

  1. From the user folder (../users/$user/.zm/) open zoom.properties
  2. Set these two properties

ZOOM_SSL_TRUSTSTORE_PATH=

ZOOM_SSL_TRUSTSTORE_PASSWORD=

 

Now, save the password provided with the SSL certificate in each of the Zoom modules as follows:

Zoom Server

  1. From the conf folder, open file wrapper.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

 

Preview Server

  1. From the conf folder, open file preview-server.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

 

Curator Server

  1. From the conf folder, open file curator-server.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

 

File Transfer Server (HADR)

  1. From the conf folder, open file hadr-filetransfer.conf
  2. Set these two properties

wrapper.java.additional.11=-Dzoom.ssl.keystore.path=

wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=

Set these properties for each HADR peer.

 

Client Systems

The certificate information also needs to be set up in the zoom properties file for each client machine with Zoom.

  1. From the user folder (../users/$user/.zm/), open zoom.properties
  2. Set these two properties

ZOOM_SSL_TRUSTSTORE_PATH=

ZOOM_SSL_TRUSTSTORE_PASSWORD=
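
A post-change audit of the keystore and truststore settings described in both certificate sections above, added here as an example and not part of the Zoom product or its documentation. It checks that each module .conf file present has both properties set, that the store file exists, and, because the store password is saved in the file, that the file is not world-readable; the function names and the permission check are assumptions.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Added example: file and property names come from the page; the checks are assumptions.
WRAPPER_CONFS = ("wrapper.conf", "preview-server.conf",
                 "curator-server.conf", "hadr-filetransfer.conf")
KEYSTORE = ("zoom.ssl.keystore.path", "zoom.ssl.keystore.pass")
TRUSTSTORE = ("ZOOM_SSL_TRUSTSTORE_PATH", "ZOOM_SSL_TRUSTSTORE_PASSWORD")
# Matches NAME=value and wrapper.java.additional.N=-DNAME=value; "#" lines never match.
PROP = re.compile(r"\s*(?:wrapper\.java\.additional\.\d+\s*=\s*-D)?([\w.]+)\s*=(.*)$")

def audit_file(path, required):
    """Findings for one file that holds a store path and that store's password."""
    path = Path(path)
    matches = filter(None, map(PROP.match, path.read_text().splitlines()))
    props = {m.group(1): m.group(2).strip() for m in matches}
    findings = [f"{path.name}: {n} missing or empty" for n in required if not props.get(n)]
    store = props.get(required[0])
    if store and not Path(store).is_file():
        findings.append(f"{path.name}: store not found: {store}")
    # The password is kept in clear text here, so flag a world-readable file (POSIX only).
    if os.name == "posix" and path.stat().st_mode & stat.S_IROTH:
        findings.append(f"{path.name}: readable by other users")
    return findings

def audit(conf_dir, properties_file=None):
    """Audit whichever module .conf files exist in conf_dir, plus zoom.properties."""
    confs = [Path(conf_dir, n) for n in WRAPPER_CONFS]
    findings = [f for c in confs if c.is_file() for f in audit_file(c, KEYSTORE)]
    if properties_file:
        findings += audit_file(properties_file, TRUSTSTORE)
    return findings

def demo():
    """Constructed sample: wrapper.conf with an empty password and loose permissions."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp, "sample.jks")
        store.write_bytes(b"constructed placeholder, not a real keystore")
        conf = Path(tmp, "wrapper.conf")
        conf.write_text(f"wrapper.java.additional.11=-Dzoom.ssl.keystore.path={store}\n"
                        "wrapper.java.additional.12=-Dzoom.ssl.keystore.pass=\n")
        conf.chmod(0o644)
        return audit(tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real machine, call `audit()` with the conf folder and the path to zoom.properties before restarting the services.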