Cisco Unified Contact Center Management Portal

SSL Certificate for Unified Customer Voice Portal 8.5

Cisco - SSL Certificate for Unified Customer Voice Portal 8.5

Document ID: 113547

Updated: May 17, 2012



This document explains how to manage the self-signed certificate with the signed certificate on the file system for Cisco Unified Customer Voice Portal (CVP) 8.5(1) in order to manage the .keystore file contents.



There are no specific requirements for this document.

Components Used

The information in this document is based on the Cisco Unified CVP 8.5.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem - Unable to apply signed certificates using procedure in guide.

The documented procedure of replacing the self-signed certificate with the signed certificate on the file system no longer applies:

C:\OpenSSL-Win32\bin>openssl req -new -key -vxml.key -out vxml.csr
Error opening Private Key vxml.key
8788:error:02001002:system library:fopen:No such file or
8788:error:20074002:BIO routines:FILE_CTRL:system 
unable to load Private Key


Solution - Procedure to manage/implement signed certificates for CVP 8.5

In order to manage the certificates in CVP 8.5(1), you need to manage the .keystore file contents.

Complete these steps:

  1. Open the %CVP_HOME%\conf\ file in order to retrieve the .keystore password. You will need to navigate to %CVP_HOME% through the target installation directory for Unified CVP (by default this is C:\Cisco\CVP).

  2. The property file should contain one property: Security.keystorePW.

  3. In order to manage the keystore, after you enter a command, the keytool will ask for you to enter the keystore password. Copy the value of the Security.keystorePW property, and paste it into the command-line window in order to enter your keystore password.

    For example, consider the %CVP_HOME%\conf\ file contains the property line:

    -Security.keystorePW = [3X}}E7@nhMXGy{ou.5AL!+4Ffm868

    The password to copy would be [3X}}E7@nhMXGy{ou.5AL!+4Ffm868.

  4. Create a backup of the %CVP_HOME%\conf\security directory.

  5. Open a command-line prompt window, and change to the security configuration directory:

  6. Use the private key entry for vxml_certificate, in order to create the certificate signing request, remembering to enter the keystore password when prompted. A new csr file will be created on the file system:

    %CVP_HOME%\jre\bin\keytool.exe -certreq -alias vxml_certificate
    -storetype JCEKS -keystore .keystore -file vxml_certificate.csr
  7. Give the certificate signing request file (vxml_certificate.csr) to a trusted certificate authority. They will sign, returning one or more trusted certificates.

  8. Import the signed certificate file (for example, signed_vxml.crt) from your trusted certificate authority. Certificates must be imported in the order of the chained hierarchy (root, intermediate, signed certificate).

Note: This is documented in Cisco bug ID CSCts21084 (registered customers only) .

Related Information

Updated: May 17, 2012
Document ID: 113547