Secure JMX Communication between CVP Components
You can secure JMX communication by:
- Exchanging the self-signed certificates between the components.
- Signing the certificates by a Certificate Authority.
Self-Signed Certificates
On Call Server or VXML Server or Reporting Server
Log in to the CVP/Reporting Server. Retrieve the keystore password from the security.properties file.
Note: At the command prompt, enter
    more %CVP_HOME%\conf\security.properties
    Security.keystorePW = <Returns the keystore password>
Enter the keystore password when prompted.
Procedure
Step 1. Export the following certificates:
Step 2. Enter the keystore password when prompted.
Step 3. Copy all the generated certificates from the %CVP_HOME%\conf\security\ folder of the Call/VXML/Reporting Server machine to the %CVP_HOME%\conf\security\ folder on the OAMP machine.
Step 4. On the OAMP machine, export the OAMP Server certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp_security.cer
Step 5. Enter the keystore password when prompted.
Step 6. Copy the generated OAMP Server certificate from the %CVP_HOME%\conf\security\ folder of the OAMP machine to the %CVP_HOME%\conf\security\ folder of the CVP/Reporting Server machine.
Step 7. On the CVP/Reporting Server machine, import the OAMP Server certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp_security.cer
Step 8. Enter the keystore password when prompted.
Step 9. At the prompt Trust this certificate? [no]: enter yes.
Step 10. Configure WSM in CVP:
Step 11. Configure JMX of callserver in CVP. Go to c:\cisco\cvp\conf\jmx_callserver.conf. Update the file as shown and save the file:
Step 12. Configure JMX of VXMLServer in CVP. Go to c:\cisco\cvp\conf\jmx_vxml.conf. Edit the file as shown and save the file:
Step 13. Restart the Operations Console Server and the Call Server machines.
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
Note: At the command prompt, enter
    more %CVP_HOME%\conf\security.properties
    Security.keystorePW = <Returns the keystore password>
Enter the keystore password when prompted.
Procedure
Step 1. Import the following certificates:
Step 2. Enter the keystore password when prompted.
Step 3. At the prompt Trust this certificate? [no]: enter yes.
Step 4. Restart OAMP service.
Step 5. Log in to OAMP. To enable secure communication between OAMP and Call Server or VXML Server or Reporting Server, navigate to and check the Enable secure communication with the Ops console check box. Save and deploy both Call Server and VXML Server.
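The self-signed exchange depends on the operator answering yes to the trust prompt for a file that was copied between machines, so the certificate fingerprint should be compared with the value read on the source machine before import, and with the keystore entry after import. The following PowerShell script is an added example, not part of the Cisco procedure; the script name Check-CertFingerprint.ps1 and its parameter names are assumptions, and it assumes %CVP_HOME% is set as in the steps above.

```powershell
# Check-CertFingerprint.ps1 (hypothetical name; added example, not Cisco code)
param(
    [Parameter(Mandatory = $true)][string]$CertFile,  # e.g. the copied oamp_security.cer
    [string]$ExpectedSha256,                          # fingerprint read on the source machine
    [string]$Alias                                    # keystore alias to check after import
)

function Get-CertSha256([string]$Path) {
    # X509Certificate2 reads both binary (DER) and Base64-encoded .cer files.
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { return [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)).Replace('-', '') }
    finally { $sha.Dispose() }
}

$fileFp = Get-CertSha256 $CertFile
Write-Host ("SHA-256 of {0}: {1}" -f $CertFile, $fileFp)

if ($ExpectedSha256) {
    # Accept the colon-separated form that keytool prints as well as plain hex.
    $want = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($want -ne $fileFp) { throw "Fingerprint mismatch, do not import $CertFile" }
    Write-Host 'File matches the fingerprint from the source machine.'
}

if ($Alias) {
    # Re-export the imported entry with the keytool -export command used in the
    # procedure (keytool prompts for the keystore password) and hash the result.
    $keytool  = Join-Path $env:CVP_HOME 'jre\bin\keytool.exe'
    $keystore = Join-Path $env:CVP_HOME 'conf\security\.keystore'
    $tmp      = Join-Path $env:TEMP ("{0}-check.cer" -f $Alias)
    & $keytool -export -keystore $keystore -storetype JCEKS -alias $Alias -file $tmp
    if ($LASTEXITCODE -ne 0) { throw "keytool could not export alias $Alias" }
    try {
        if ((Get-CertSha256 $tmp) -ne $fileFp) { throw "Keystore entry $Alias differs from $CertFile" }
        Write-Host "Keystore entry $Alias matches $CertFile."
    } finally { Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue }
}
```

Run it with only -CertFile on the machine that exported the certificate to obtain the value to pass as -ExpectedSha256 on the receiving machine, and add -Alias once the import step is complete.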
CA-Signed Certificates
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
Note: At the command prompt, enter
    more %CVP_HOME%\conf\security.properties
    Security.keystorePW = <Returns the keystore password>
Enter the keystore password when prompted.
Procedure
Step 1. Generate CSR on OAMP by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp.csr
Step 2. Enter the keystore password when prompted.
Step 3. Sign the certificate on a CA.
Step 4. Copy the root CA certificate and the CA-signed certificate to %CVP_HOME%\conf\security\
Step 5. Import the root CA certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert>
Step 6. Enter the keystore password when prompted.
Step 7. Import the CA-signed certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias oamp_certificate -file %CVP_HOME%\conf\security\<filename_of_CA_signed_cert>
Step 8. Run the regedit command. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\OPSConsoleServer\Parameters\Java\Options
On Call Server/VXML Server/Reporting Server/WSM Server
Log in to the Call Server or VXML Server or Reporting Server or WSM Server. Retrieve the keystore password from the security.properties file.
Note: At the command prompt, enter
    more %CVP_HOME%\conf\security.properties
    Security.keystorePW = <Returns the keystore password>
Enter the keystore password when prompted.
Procedure
Step 1. Generate CSR on Call Server by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias callserver_certificate -file %CVP_HOME%\conf\security\callserver.csr
Step 2. Repeat Step 1 for VXML Server, Reporting Server, and WSM Server.
Step 3. Sign the certificate on a CA.
Step 4. Copy the root CA certificate and the CA-signed certificate to %CVP_HOME%\conf\security\
Step 5. Import the root CA certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert>
Step 6. Enter the keystore password when prompted.
Step 7. Import the CA-signed certificate by running
    %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias callserver_certificate -file %CVP_HOME%\conf\security\<filename_of_CA_signed_cert>
Step 8. Repeat Step 7 for VXML Server, Reporting Server, and WSM Server.
Step 9. Configure WSM in CVP:
Step 10. Configure JMX of callserver in CVP:
Step 11. Configure JMX of VXMLServer in CVP. Go to c:/cisco/cvp/conf/jmx_vxml.conf. Edit the file as shown and save the file:
Step 12. Restart the Operations Console Server and the CVP server.
Step 13. Repeat the steps for Call Server, VXML Server, and Reporting Server.
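Before importing a CA-signed certificate in the CA-signed procedures above, it is worth confirming that the file the CA returned chains to the root certificate being imported and carries the public key already stored under the alias the CSR was generated from. The following PowerShell script is an added example, not part of the Cisco procedure; the parameter names are assumptions, and it assumes the certificate was issued directly by the root CA (the page mentions no intermediate certificates) and that %CVP_HOME% is set.

```powershell
# Added example (not Cisco code): pre-import checks for a CA-signed certificate.
param(
    [Parameter(Mandatory = $true)][string]$RootCert,    # <filename_of_root_cert>
    [Parameter(Mandatory = $true)][string]$SignedCert,  # <filename_of_CA_signed_cert>
    [Parameter(Mandatory = $true)][string]$Alias        # e.g. oamp_certificate
)
$X509 = 'System.Security.Cryptography.X509Certificates'

function Read-Cert([string]$Path) {
    $full = (Resolve-Path -LiteralPath $Path).Path
    return New-Object "$X509.X509Certificate2" -ArgumentList $full
}

$root = Read-Cert $RootCert
$leaf = Read-Cert $SignedCert

# 1. The signed certificate must chain to the root imported under alias "root".
$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode    = 'NoCheck'   # offline check, no CRL/OCSP lookup
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($leaf)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $built -or $top.Thumbprint -ne $root.Thumbprint) {
    throw "Chain check failed: $SignedCert does not validate against $RootCert"
}

# 2. The signed certificate must carry the public key currently stored under
#    the alias. keytool prompts for the keystore password.
$keytool  = Join-Path $env:CVP_HOME 'jre\bin\keytool.exe'
$keystore = Join-Path $env:CVP_HOME 'conf\security\.keystore'
$tmp      = Join-Path $env:TEMP ("{0}-current.cer" -f $Alias)
& $keytool -export -keystore $keystore -storetype JCEKS -alias $Alias -file $tmp
if ($LASTEXITCODE -ne 0) { throw "keytool could not export alias $Alias" }
try {
    $current = Read-Cert $tmp
    if ($current.GetPublicKeyString() -ne $leaf.GetPublicKeyString()) {
        throw "Public key in $SignedCert differs from keystore entry $Alias"
    }
} finally { Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue }

Write-Host "$SignedCert chains to $RootCert and matches the key under $Alias."
```

Run it after copying both files to %CVP_HOME%\conf\security\ and before the import steps, once per alias.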