This document describes how to configure Cisco Customer Voice Portal (CVP) Call Server and Voice Extensible Markup Language (VXML) Server Transport Layer Security (TLS) support for HyperText Transfer Protocol (HTTP).
Cisco recommends that you have knowledge of these topics:
CVP VXML Server
Cisco Virtual Voice Browser (CVVB)
The information in this document is based on these software versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
At present, the VXML Server can have three secure interfaces with different components, as shown in the image.
TLS Interface of VXML Server
Interface 1. This is the Hypertext Transfer Protocol (HTTP) interface between VXML Gateway, Cisco Virtualized Voice Browser (CVVB) and VXML Server. Here the VXML Server acts as a server.
Interface 2. This is the typical HTTP Interface where the VXML Server interacts with an external Web server that uses HTTP/Simple Object Access Protocol (SOAP) interface. This interface is defined as a part of the custom element or WebService element or SOAP element.
Interface 3. This is external Database (DB) (Microsoft Structured Query Language (MSSQL) Server and ORACLE DB), that uses built-in DB Element interface or custom element interface.
In this scenario, in the Interface 1., VXML Server acts as a server, and in Interface 2. and 3., VXML Server acts as secure clients.
Problem: How to Enable TLS 1.2 on Different Interfaces of CVP VXML Server
CVP VXML Server communicates to various devices and servers with help of different interfaces. TLS 1.2 has to be enabled on all of them to achieve desired security level.
Procedure to Enable TLS 1.2 in Interface 1
In this interface, as described earlier, CVP VXML Server acts as a server. This secure implementation is done by Tomcat. This configuration is controlled by the server.xml in Tomcat.