Secure JMX Communication between CVP Components
You can secure JMX communication by:
-
Exchanging the self-signed certificates between the components.
-
Signing the certificates by a Certificate Authority.
Self-Signed Certificates
On Call Server or VXML Server or Reporting Server
Procedure
Step 1 |
Export the WSM certificate from Call/Vxml Server: %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer> |
||
Step 2 |
Enter the keystore password when prompted. |
||
Step 3 |
Import the WSMcertificate to the keystore of Call/Vxml Server: %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer> |
||
Step 4 |
Copy the exported WSM certificate to %CVP_HOME%\conf\security\ on the OAMP machine.
|
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties. Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Import the copied WSMcertificate to OAMP: %CVP_HOME%\conf\security\ by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer>. . |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Trust this certificate? [no]: yes |
Step 4 |
Export the OAMP certificate: %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\<oamp_cert.cer> |
Step 5 |
Enter the keystore password when prompted. |
Step 6 |
Copy the generated OAMP certificate to %CVP_HOME%\conf\security\ on each Call Server/VXML Server/Reporting Server. |
Step 7 |
Restart OAMP service. |
Step 8 |
Log into OAMP. To enable secure communication between OAMP and Call Server or VXML Server, navigate to Enable secure communication with the Ops console check box. Save and deploy both Call Server and VXML Server. . Check the |
On Call Server or VXML Server or Reporting Server
Procedure
Step 1 |
Import the certificate to the callserver keystore: %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp_security.cer |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Restart the Operation Console Server and the Call Server. |
Step 4 |
Configure ORM in CVP: |
Step 5 |
Configure JMX of Call Server in CVP: |
Step 6 |
Configure JMX of VXMLServer in CVP: |
Step 7 |
Restart Cisco CVP Call Server and VXML Server. |
Step 8 |
Repeat the steps for all the Call Servers. |
On Call Server or VXML Server or Reporting Server
Procedure
Step 1 |
Import the certificate to the callserver keystore by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias wsm_oamp_certificate -file %CVP_HOME%\conf\security\<oamp_security.cer>. |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Restart the Operation Console Server and the Call Server. |
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties. Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Export the OAMP certificate by running %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\<oamp_security.cer>. |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Copy the WSM certificate you exported from the Call Server/VXML Server/Reporting Server to %CVP_HOME%\conf\security\ and import the certificate to the callserver key store by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer>. |
Step 4 |
Enter the keystore password when prompted. |
On Call Server or VXML Server or Reporting Server
Log in to the Call Server or VXML Server or Reporting Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties. Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Export the WSM certificate by running %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer>. |
||
Step 2 |
Enter the keystore password when prompted. |
||
Step 3 |
Copy the OAMP certificate exported from the OAMP to %CVP_HOME%\conf\security\ and import the certificate to the callserver keystore by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias wsm_oamp_certificate -file %CVP_HOME%\conf\security\<oamp_security.cer>. |
||
Step 4 |
Enter the keystore password when prompted. |
||
Step 5 |
Import the WSM certificate into the call server keystore by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias vxml_wsm_certificate -file %CVP_HOME%\conf\security\<wsm_security.cer>. |
||
Step 6 |
Enter the keystore password when prompted.
|
![]() Note |
To enable Courtesy Callback feature in the secure mode, you must exchange the Call Server and Reporting Server certificates and place the certificates in %CVP_HOME%\conf\security\.keystore of each server. |
On Call Server or VXML Server or Reporting Server
Log in to the CVP/Reporting Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties. Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Export the following certificates: |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Copy all the generated certificates from the %CVP_HOME%\conf\security\ folder of the Call/VXML/Reporting Server machine to the %CVP_HOME%\conf\security\ folder on the OAMP machine. |
Step 4 |
On the OAMP machine, export the OAMP Server certificate by running %CVP_HOME%\jre\bin\keytool.exe -export -v -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp_security.cer |
Step 5 |
Enter the keystore password when prompted. |
Step 6 |
Copy the generated OAMP Server certificate from the %CVP_HOME%\conf\security\ folder of the OAMP machine to the %CVP_HOME%\conf\security\ folder of the CVP/Reporting Server machine. |
Step 7 |
On the CVP/Reporting Server machine, import the OAMP Server certificate by running %CVP_HOME%\jre\bin\keytool.exe -import -trustcacerts -keystore %CVP_HOME%\conf\security\.keystore -storetype JCEKS -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp_security.cer |
Step 8 |
Enter the keystore password when prompted. |
Step 9 |
Trust this certificate? [no]: yes |
Step 10 |
Configure WSM in CVP: |
Step 11 |
Configure JMX of callserver in CVP. Go to c:\cisco\cvp\conf\jmx_callserver.conf. Update the file as shown and save the file:
|
Step 12 |
Configure JMX of VXMLServer in CVP. Go to c:\cisco\cvp\conf\jmx_vxml.conf. Edit the file as shown and save the file:
|
Step 13 |
Restart the Operation Console Server and the Call Server machines. |
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties. Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Import the following certificates:
|
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Trust this certificate? [no]: yes |
Step 4 |
Restart OAMP service. |
Step 5 |
Log into OAMP. To enable secure communication between OAMP and Call Server or VXML Server or Reporting Server, navigate to Enable secure communication with the Ops console check box. Save and deploy both Call Server and VXML Server. . Check the |
CA-Signed Certificates
On OAMP
Log in to the Operations Console Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Generate CSR on OAMP by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias oamp_certificate -file %CVP_HOME%\conf\security\oamp.csr |
Step 2 |
Enter the keystore password when prompted. |
Step 3 |
Sign the certificate on a CA. |
Step 4 |
Copy the root CA certificate and the CA-signed certificate to %CVP_HOME%\conf\security\ |
Step 5 |
Import the root CA certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert> |
Step 6 |
Enter the keystore password when prompted. |
Step 7 |
Import the CA-signed certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias oamp_certificate -file %CVP_HOME%\conf\security\<filename_of_CA_signed_cert> |
Step 8 |
Run the regedit command: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\OPSConsoleServer\Parameters\Java\Options
|
On Call Server/VXML Server/Reporting Server/WSM Server
Log in to the Call Server or VXML Server or Reporting Server or WSM Server. Retrieve the keystore password from the security.properties file.
![]() Note |
At the command prompt, enter more %CVP_HOME%\conf\security.properties Security.keystorePW = <Returns the keystore password> Enter the keystore password when prompted. |
Procedure
Step 1 |
Generate CSR on Call Server by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -certreq -alias callserver_certificate -file %CVP_HOME%\conf\security\callserver.csr |
||
Step 2 |
Repeat Step 1 for VXML Server, Reporting Server, and WSM Server. |
||
Step 3 |
Sign the certificate on a CA. |
||
Step 4 |
Copy the root CA certificate and the CA-signed certificate to %CVP_HOME%\conf\security\ |
||
Step 5 |
Import the root CA certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias root -file %CVP_HOME%\conf\security\<filename_of_root_cert> |
||
Step 6 |
Enter the keystore password when prompted. |
||
Step 7 |
Import the CA-signed certificate by running %CVP_HOME%\jre\bin\keytool.exe -storetype JCEKS -keystore %CVP_HOME%\conf\security\.keystore -import -v -trustcacerts -alias callserver_certificate -file %CVP_HOME%\conf\security\<filename_of_CA_signed_cert> |
||
Step 8 |
Repeat Step 7 for VXML Server, Reporting Server, and WSM Server. |
||
Step 9 |
Configure WSM in CVP: |
||
Step 10 |
Configure JMX of callserver in CVP: |
||
Step 11 |
Configure JMX of VXMLServer in CVP: Go to c:/cisco/cvp/conf/jmx_vxml.conf Edit the file as shown and save the file:
|
||
Step 12 |
Restart the Operation Console Server and the CVP server.
|
||
Step 13 |
Repeat the steps for Call Server, VXML Server, and Reporting Server. |