Configure Secure Java Management Extensions (JMX) Communication on CVP 12.0

Available Languages

Download Options

  • PDF     (2.0 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (2.0 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.3 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:July 23, 2020
Document ID:215853

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the steps configure secure JMX communication on Customer Voice Portal (CVP) version 12.0.

    Contributed by Balakumar Manimaran, Cisco TAC Engineer.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • CVP
    • Certificates

    Components Used

    The information in this document is based on CVP version 12.0.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    Generate CA-Signed Certificate for Web Services Manager (WSM) Service in Call Server, VoiceXML (VXML) Server or Reporting Server

    1. Log into the Call Server or VXML Server or Reporting Server or WSM Server. Retrieve the keystore password from the security.properties file from location,

    C:\Cisco\CVP\conf

    2. Delete the WSM certificate using command,

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -delete -alias wsm_certificate

         

    Enter the keystore password when prompted.

    Note: Repeat Step 1 for Call Server, VXML Server, and Reporting Server.

    3. Generate a Certificate Authority (CA) signed certificate for WSM server.

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -genkeypair -alias wsm_certificate -v -keysize 2048 -keyalg RSA


    Enter the details at the prompts and typeYesto confirm, as shown in the image;

    Enter the keystore password when prompted.

    Note: Document the Common Name (CN) name for future reference.

     4. Generate the certificate request for the alias

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias wsm_certificate -file                       %CVP_HOME%\conf\security\wsm_certificate

    5. Sign the certificate on a CA.

    Note: Follow the procedure to create a CA-signed certificate using the CA authority. Download the certificate and the root certificate of the CA authority.

    6. Copy the root certificate and the CA-signed WSM certificate to location;

     C:\Cisco\cvp\conf\security\.

    7. Import the root certificate

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts 
    -alias root -file  %CVP_HOME%\conf\security\<filename_of_root_cer>

    Enter the keystore password when prompted, as shown in the image;

    AtTrust this certificateprompt, typeYes ,as shown in the image;

     8. Import the CA-signed WSM certificate

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts 
    -alias wsm_certificate -file %CVP_HOME%\conf\security\<filename_of_your_signed_cert_from_CA>

     9. Repeat Step 3, 4, and 8 for Call Server, VXML Server, and Reporting Server.

    10.Configure WSM in CVP


    Step 1.

    Navigate to

     c:\cisco\cvp\conf\jmx_wsm.conf

           Add or update the file as shown and save it

    Step 2.

    Run the regedit (rt. click start > run > type regedit) command

    Append the following to the key Options at 

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\WebServicesManager\Parameters\Java

    11. Configure JMX of callserver in CVP


    Navigate to

     c:\cisco\cvp\conf\jmx_callserver.conf

    Update the file as shown and save the file

     12. Configure JMX of VXMLServer in CVP:

    Step 1.

    Go to

    c:\cisco\cvp\conf\jmx_vxml.conf

    Edit the file as shown in the image and save it;

    Step 2.

    Run the regedit command

    Append the following to the key Options at 

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VXMLServer\Parameters\Java

    Step 3.

    Restart Cisco CVP WebServicesManager service.

    Generate CA-Signed Client Certificate for WSM

    Log into the Call Server or VXML Server or Reporting Server or WSM. Retrieve the keystore password from thesecurity.properties file

    1. Generate a CA-signed certificate for client authentication   

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -genkeypair
     -alias <CN of Callserver WSM certificate> -v -keysize 2048 -keyalg RSA



    Enter the details at the prompts and type Yes to confirm.

    Enter the keystore password when prompted , as shown in the image;

    2.Generate the certificate request for the alias

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq 
    -alias <CN of Callserver WSM certificate> -file %CVP_HOME%\conf\security\jmx_client.csr

    3. Sign the certificiate on a CA

    Note Follow the procedure to create a CA-signed certificate using the CA authority. Download the certificate and the root certificate of the CA authority

    4. Copy the root certificate and the CA-signed JMX Client certificate to location;

    C:\Cisco\cvp\conf\security\

    5. Import the CA-signed JMX Client , use command;

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts 
    -alias <CN of Callserver WSM certificate> -file %CVP_HOME%\conf\security\<filename of CA-signed JMX Client certificate>




    6.Restart Cisco CVP VXMLServer service.

    Repeat the same procedure for Reporting Server.

    Generate CA-Signed client certificate for Operations Console (OAMP)

    Log into OAMP Server. Retrieve the keystore password from thesecurity.propertiesfile

    1. Generate a CA-signed certificate for client authentication with callserver WSM

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -genkeypair 
    -alias <CN of Callserver WSM certificate> -v -keysize 2048 -keyalg RSA

    2.Generate the certificate request for the alias

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq 
    -alias <CN of Callserver WSM certificate> -file %CVP_HOME%\conf\security\jmx.csr

    3.Sign the certificate on a CA . Follow the procedure to create a CA-signed certificate using the CA authority. Download the certificate and the root certificate of the CA authority

    4.Copy the root certificate and CA-signed JMX Client certificate to C:\Cisoc\cvp\conf\security\

    5.Import the root certificate , using this command;

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts 
    -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert>

    Enter the keystore password when prompted. AtTrust this certificateprompt, typeYes , as shown in the image,

    6. Import the CA-signed JMX Client certificate of CVP

    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts 
    -alias <CN of Callserver WSM certificate> -file %CVP_HOME%\conf\security\<filename_of_your_signed_cert_from_CA>

    7.Restart Cisco CVP OPSConsoleServer service.

    8. Log into OAMP. To enable secure communication between OAMP and Call Server or VXML Server, navigate to Device Management > Call Server. Check the Enable secure communication with the Ops console check box. Save and deploy both Call Server and VXML Server.

    9. Run the regedit command.

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\OPSConsoleServer\Parameters\Java.

         Append the following to the file sand save it

    -Djavax.net.ssl.trustStore=C:\Cisco\CVP\conf\security\.keystore
-Djavax.net.ssl.trustStorePassword=<keystore_password>
-Djavax.net.ssl.trustStoreType=JCEK


    Verify

    Connect CVP Callserver , VXML server and Reporting server from the OAMP server , perform the operations like save&deploy or retrieve Database details(reporting server) or any Actions from OAMP to Call/vxml/reporting server.

    Troubleshoot

    There is currently no specific troubleshooting information available for this configuration.

    Revision History

    Revision Publish Date Comments
    1.0
    23-Jul-2020
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Balakumar Manimaran
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products