SSL Encryption Utility
Unified CCE web servers are configured for secure access (HTTPS). Cisco provides SSL Encryption Utility (SSLUtil.exe) to help you configure web servers for use with SSL.
 Note |
The SSL Encryption Utility is supported on servers running Windows Server. |
Operating system facilities such as IIS can also accomplish the operations performed by the SSL encryption utility; however the Cisco utility simplifies the process.
SSLUtil.exe is located in the <ICMInstallDrive>\icm\bin folder. You can invoke the SSL Encryption Utility in standalone mode or automatically as part of setup.
The SSL Encryption Utility generates log messages pertaining to the operations that it performs. When it runs as part of setup, log messages are written to the setup log file. When the utility is in standalone mode, the log messages appear in the SSL Utility Window and the <SystemDrive>\temp\SSLUtil.log file.
The SSL Encryption Utility performs the following major functions:
-
SSL Configuration
-
SSL Certificate Administration
SSL is available for Unified CCE web applications installed on Windows Server. You can configure Internet Script Editor for SSL.
SSL Installation During Setup
By default, setup enables SSL for Unified CCE Internet Script Editor application.
Note |
If you use IIS manager to modify SSL settings while the SSL Configuration Utility is open, the SSL Configuration Utility does not reflect those changes until you restart the utility. |
The SSL Configuration Utility also facilitates creation of self-signed certificates and installation of the created certificate in IIS. You can also remove a certificate from IIS using this tool. When invoked as part of setup, the SSL Configuration Utility sets SSL port in IIS to 443 if it is found to be blank.
To use SSL for Internet Script Editor, accept the default settings during installation and the supported servers use SSL.
When the utility runs during setup a self-signed certificate is generated (using OpenSSL), imported into the Local Machine Store, and installed on the web server. Virtual directories are enabled and configured for SSL with 128-bit encryption.
Note |
During setup, if a certificate exists or the web server has an existing server certificate installed, a log entry is added and no changes take effect. Use the utility in standalone mode or directly use the IIS Services Manager to do any certificate management changes. |
SSL Encryption Utility in Standalone Mode
In standalone mode, the SSL Configuration Utility displays the list of Unified ICM instances installed on the local machine. When Unified ICM instance is selected, the web applications installed and their SSL settings are displayed. You can then alter the SSL settings for the web application.
The SSL Configuration Utility also facilitates the creation of self-signed certificates and the installation of the created certificate in IIS. You can also remove a certificate from IIS using this tool. When invoked as part of setup, the SSL Configuration Utility sets SSL port in IIS to 443 if it is found to be blank.
Transport Layer Security (TLS) Requirement
Contact center enterprise solutions use Transport Layer Security (TLS). Refer to your browser's documentation for details on how to configure support for TLS. See the Unified CCE Solution Compatibility Matrix at https://www.cisco.com/c/en/us/support/customer-collaboration/unified-contact-center-enterprise/products-device-support-tables-list.html for the supported TLS versions.
Note |
For backward compatibility with the earlier versions of clients, you can downgrade the Unified CCE Windows systems to earlier versions of TLS by following Microsoft procedures. If you apply security hardening without configuring support for TLS, your browser cannot connect to the web server. An error message indicates that the page is either unavailable or that the website is experiencing technical difficulties. |
Feedback