This document describes the process to configure secure communication between Cisco Unified Customer Voice Portal (CVP) server and Cisco Internetwork Operating System (IOS) devices.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
In order to configure the CVP server to communicate securely with Cisco IOS devices such as the Ingress Gateway and/or Voice Extensible Markup Language (VXML) Gateway, you must complete these steps, which are also referenced in the CVP Security Guide:
Step 1. Take a backup of the .security keystore and folder located at %CVP_HOME%\conf.
Step 2. Import the Root, Intermediate and Intermediate2 (if any) certificates into the certificate store.
Step 3. Import CA Signed Call Server and VXML certificates.
Step 4. Rename the Call Server and VXML .pem files to callserver.crt and VXML.crt.
Step 5. Restart the Call Server and VXML services.
Step 6. Access Call Server and VXML Server certificates. They must reflect the current certificate dates.
In order to further configure HTTPS between the Cisco gateways and the Call Server and VXML Server, import the Call Server certificate and/or the VXML Server certificate on the IOS gateway.
Step 1. Enter https://ip_address_of_callserver:8443 in the address bar of the web browser to access the secure Call Server certificate or https://ip_address_of_vxmlserver:7443 to access the secure VXML Server certificate. The Security Alert dialog box appears.
Step 2. Click View Certificate.
Step 3. Select the Details tab.
Step 4. Click Copy to File. The Certificate Export Wizard dialog appears.
Step 5. Select Base-64 encoded X.509 (.CER), and then click Next.
Step 6. Specify a file name in the File to Export dialog box, and then click Next.
Step 7. Click Finish. A message indicates that the export was successful.
Step 8. Click OK, and close the Security Alert dialog box.
Step 9. Open the exported file in Notepad and copy the CVP Server certificate information that appears between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags. This is used later in the procedure.
Step 10. Access global configuration mode on the IOS gateway.
Step 11. Create and enroll the trustpoints with these commands:
crypto pki trustpoint xxxx
where xxxx is a trustpoint name.
crypto pki trustpoint ROOT
crypto pki trustpoint INTERMEDIATE
crypto pki trustpoint INTERMEDIATE2
crypto pki trustpoint cvpcallservernew
crypto pki trustpoint cvpvxmlnew
Step 12. Import the certificate signatures on the IOS gateway.
Get the certificate signature from Step 9 and open the Certificate Authority (CA) certificates in order to get their certificate signatures and import them on IOS.
Return to privileged EXEC mode on the IOS gateway.
Enter crypto pki auth <xxxx>, where xxxx is the trustpoint name specified in the previous step (repeat for all the trustpoints).
Paste the certificate from the Notepad clipboard (only the contents).
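The certificate in Step 9 is copied by hand from a file saved through a browser security alert, so it is worth checking before it is pasted into a trustpoint. The following Python script is an added example, not part of the original document or of any Cisco tool: it extracts the Base-64 body from an exported .CER file, confirms the copy is complete, and computes the MD5 and SHA1 fingerprints to compare with those the gateway displays at the crypto pki auth prompt before you accept the certificate. The function names are hypothetical, the sample input is constructed, and the 8-digit grouping of the fingerprint is an assumption about the gateway's display format.

```python
import base64, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def extract_bodies(text):
    """Return the Base-64 body of every certificate block, whitespace removed."""
    return ["".join(m.split()) for m in PEM_RE.findall(text)]

def der_from_body(body):
    """Decode one body and check the outer DER SEQUENCE spans the whole blob."""
    der = base64.b64decode(body, validate=True)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; wrong file or partial copy")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch; certificate is truncated")
    return der

def ios_fingerprint(der, algo):
    """Hex digest in upper case, grouped in 8-digit blocks (assumed format)."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))

def report(text):
    """Return (MD5, SHA1) fingerprints for each certificate in the file."""
    return [(ios_fingerprint(d, "md5"), ios_fingerprint(d, "sha1"))
            for d in map(der_from_body, extract_bodies(text))]

def make_sample():
    """Constructed input: a well-formed DER shell, NOT a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    body = base64.encodebytes(der).decode().replace("\n", "\r\n")  # Notepad CRLF
    pem = ("-----BEGIN CERTIFICATE-----\r\n" + body +
           "-----END CERTIFICATE-----\r\n")
    return der, pem

if __name__ == "__main__":
    _, pem = make_sample()
    for md5, sha1 in report(pem):
        print("Fingerprint MD5: ", md5)
        print("Fingerprint SHA1:", sha1)
```

To check a real export, read the .CER file as text and pass its contents to report(); a ValueError means the copied block is incomplete or is not a certificate.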