Cisco Cisco Customer Voice Portal 8.0(1)
a.
Retrieve the keystore password from the
security.properties
file (resides in the
%CVP_HOME%\conf directory) on the managed Unified CVP device.
b.
For Windows, export the Unified CVP device certificate from the keystore. Open a
command prompt and navigate to the %CVP_HOME%\conf\security directory, then enter
the following command:
command prompt and navigate to the %CVP_HOME%\conf\security directory, then enter
the following command:
..\..\jre\bin\keytool -export -v -keystore .ormKeystore -storetype
JCEKS -alias orm_certificate -file <orm_cert_file_XXX>
Where the file argument in <> (angle brackets) is user-defined and unique.
Note:
• Do not modify the orm_certificate alias name.
• Append an IP address to the file name to make it unique. The IP address can be replaced with
any value as long as it makes the filename unique when copied to the Operations Console
Server.
Server.
c.
Copy the exported certificate file <orm_cert_file> from the managed Unified CVP device
to the %CVP_HOME%\conf\security folder on the Operations Console service.
to the %CVP_HOME%\conf\security folder on the Operations Console service.
d.
Retrieve the keystore password from the
security.properties
file in the Operations
Console Server.
e.
Import the certificate <orm_cert_file> into the keystore on the Operations Console Server.
Open a command prompt and navigate to the %CVP_HOME%\conf\security directory,
then enter the following command:
Open a command prompt and navigate to the %CVP_HOME%\conf\security directory,
then enter the following command:
..\..\jre\bin\keytool -import -keystore .keystore -storetype
JCEKS-trustcacerts -alias <oamp_orm_certificate_XXX> -file
<orm_cert_XXX>
Where the alias argument in <> (angle brackets) is user-defined and unique, and the file argument
in <> angle brackets is the exported managed device certificate filename.
in <> angle brackets is the exported managed device certificate filename.
Note: Append an IP address to the certificate alias to make the alias unique in the keystore. The
IP address can be replaced with any value as long as it makes the certificate name unique when
imported to the keystore.
IP address can be replaced with any value as long as it makes the certificate name unique when
imported to the keystore.
f.
Repeat these steps for every machine where the Unified CVP Resource Manager service
is running if the JMX communication from the Operations Console Server to that managed
Unified CVP device needs to be secured.
is running if the JMX communication from the Operations Console Server to that managed
Unified CVP device needs to be secured.
How to Enable Security on Unified CVP Devices
Once you have completed the procedure described in
, you must enable security on the Unified CVP components that you want
to accept only secure SSL communications.
Configuration and Administration Guide for Cisco Unified Customer Voice Portal Release 8.0(1)
233
Chapter 5: Configuring and Modifying Unified CVP Security
Securing Communications Between Unified CVP Components