Cisco Cisco Customer Voice Portal 8.0(1)
c.
Enter the following command to install the CA Signed Certificate:
keytool -keystore .keystore -storetype JCEKS -import -alias
orm_certificate -trustcacerts -file
<filename_of_your_signed_cert_from_CA>
Step 5
Repeat these steps on every machine running Unified CVP Services.
How to Add a Certificate Signed by a Certificate Authority for HTTPS Web Access
Follow the steps below to present a CA-signed certificate to inbound Operations Console HTTPS
clients.
clients.
Note: The OAMP and ORM certificates provided in the keystore do not provide TLS encryption
for inbound HTTPS traffic; those certificates provide secure connections between the Operations
Console and the CVP Resource Manager on other devices in your Unified CVP solution.
for inbound HTTPS traffic; those certificates provide secure connections between the Operations
Console and the CVP Resource Manager on other devices in your Unified CVP solution.
The certificate and private key used for Operations Console HTTPS are:
•
Self-signed certificate:
%CVP_HOME%\conf\security\oamp.crt
•
Private key for self-signed certificate:
%CVP_HOME%\conf\security\oamp.key
Step 1
Access the OpenSSL command line.
Note: You must first install OpenSSL (http://www.openssl.org), as it is not included with Unified
CVP. Refer to the OpenSSL documentation for details.
CVP. Refer to the OpenSSL documentation for details.
Step 2
Generate a Certificate Signing Request (CSR) by entering the following command:
openssl req -new -key xxxx.key -out xxxx.csr
Where xxxx represents the key and the certificate files.
Step 3
Send the xxxx.csr certificate file to a Certificate Authority (CA) for sign-off. Once the certificate
is signed, it will be returned with a root certificate of a CA.
is signed, it will be returned with a root certificate of a CA.
Step 4
Replace the original oamp.crt file with the signed certificate.
Securing Communications Between Unified CVP and IOS Devices
To secure file transfer between Cisco Gateways and/or Gatekeepers and the Unified CVP
Operations Console, you need to import the Operations Console Server certificate on the IOS
device during device configuration and enable SSH on the router; otherwise, any user-requested
action through the Operations Console (for example, file transfer to an IOS device) will fail.
For example, to copy a file to the IOS device, the Operations Console (when the security flag
is set) expects SSH to be enabled on the device. If SSH is not enabled, a failure will occur.
Operations Console, you need to import the Operations Console Server certificate on the IOS
device during device configuration and enable SSH on the router; otherwise, any user-requested
action through the Operations Console (for example, file transfer to an IOS device) will fail.
For example, to copy a file to the IOS device, the Operations Console (when the security flag
is set) expects SSH to be enabled on the device. If SSH is not enabled, a failure will occur.
Configuration and Administration Guide for Cisco Unified Customer Voice Portal Release 8.0(1)
236
Chapter 5: Configuring and Modifying Unified CVP Security
Securing Communications Between Unified CVP and IOS Devices