Articles with the tag:
Close
Changelog
Close
Help Center
ONLYOFFICE Talk for Linux

How to switch Talk to TLS protocol?

ONLYOFFICE Talkv11.0 ONLYOFFICE Talk changelog

Version 11.0.1

Release date: 12/10/2020

Bug fixes

  • Bug Fixes & Performance Improvements.

Version 11.0.0

Release date: 10/14/2020

Common changes

  • XMPP Server reworked for integration with ONLYOFFICE Groups (packaged as Community Server).

Introduction

Sometimes you might need to change the protocol used by Talk to TLS. This can be done even if the portal itself does not use HTTPS protocol and remains HTTP. Follow the steps below to learn how to do that.

Get certificate and convert it to PKCS#12

First you will need to create a security certificate and the certificate private key.

Once you have the certificate, put it to the /var/www/onlyoffice/Data/certsc:\ProgramData\ONLYOFFICE\Data\certs\ folder, and go there:

cd /var/www/onlyoffice/Data/certs
cd c:\ProgramData\ONLYOFFICE\Data\certs\

Now run the command, converting the certificate to a PFX (PKCS#12) file:

openssl pkcs12 -export -out onlyoffice.pfx -inkey onlyoffice.key -in onlyoffice.crt
The cerificate must be issued for the domain used by Talk. The actual domain name can be found via the http://myportal.onlyoffice.com/addons/talk/default.aspx link under the Server Name section.

The newly created certificate must be granted the proper rights:

chown onlyoffice:onlyoffice  onlyoffice.pfx

Edit configuration file

Now you will need to change the configuration so that the server started using TLS for Talk. Open the TeamLabSvc.exe.Config configuration file with a text editor:. You can find in the \Services\TeamLabSvc folder of the Community Server installation path.

nano /var/www/onlyoffice/Services/TeamLabSvc/TeamLabSvc.exe.Config

Find the following lines:

<add name="Jabber Listener" type="ASC.Xmpp.Server.Gateway.TcpXmppListener">
  <property name="maxpacket" value="1048576" />
  <property name="bindPort" value="5222" />
  <property name="certificate" value="/var/www/onlyoffice/Data/certs/onlyoffice.pfx" /><property name="certificate" value="c:\ProgramData\ONLYOFFICE\Data\certs\onlyoffice.pfx" />
  <property name="certificatePassword" value="123456" />
  <property name="startTls" value="optional" />
</add>

And edit them changing the values:

  • certificate is the path to the created PFX cerificate. As we created it in the /var/www/onlyoffice/Data/certsc:\ProgramData\ONLYOFFICE\Data\certs folder, the path will be /var/www/onlyoffice/Data/certs/onlyoffice.pfxc:\ProgramData\ONLYOFFICE\Data\certs\onlyoffice.pfx.
  • certificatePassword is the password for the certificate file chosen during the certificate creation.
  • startTls is the option to either use or not TLS encryption. This can take the following values:
    • optional allows both encrypted or unencrypted connection depending on the client settings;
    • required allows only encrypted connection;
    • none - in case the certificate is set, the server will use the secure SSL connection.

After that restart the Talk service: go to Control Panel > Administrative Tools > Services, find the onlyofficeJabber service and restart it.

service onlyofficeJabber restart

Enter the portal and check if Talk works correctly.

Download Host on your own server Available for
Docker, Windows and Linux
You Might Also Like This:
Close