Secure Mode

  • Export cert from Tomcat (if you have not changed - cert also stored security folder and secret in security properties file)
    • Note: In lab the actually SSL cert used was the OAMP cert - in production maybe callserver?
    • %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias callserver_certificate -file %CVP_HOME%\conf\security\ucce-cvp-1a.cer
    • Import into VRU PIM Servers using standard Microsoft Cert Management - import into Trusted Root and Personal stores
  • Export UCCE Servers cert onto CVP CallServer
    • Create Self Signed Cert
      CiscoCertUtil.exe /generate server
    • Copy and rename file to CallServer (ssl/host.pem) → Callserver/my-pg-a-cert.pem
    • Import Cert into CallServer Tomcat
  • Enable Secure mode in on VRU PIM Setup (within each PIM)
  • Enable CallServer Secure Mode Via Ops console - restart CallServer
  • Export the Finesse tomcat Cert and import into the PG servers using standard Microsoft Cert Management - import into Trusted Root and Personal stores
  • Import the PG Self Signed Cert (ssl/host.pem) as a trusted tomcat cert (i.e. into the trusted cert store of the Finesse server)
  • Restart Cisco Finesse Tomcat
  • Enable Secure mode in Finesse Admin and confirm port on the CTI port for secure mode (disable non secure mode if no other clients or all clients can use secure mode)
    • C:\Cisco\CVP\jre\bin\keytool.exe -import -v -alias icm_certificate -storetype JCEKS -trustcacerts -keystore C:\Cisco\CVP\conf\security\.keystore -file c:\IcmCertificate\my-pg-a-cert.pem