Certificates for Live Data Standalone

Similar documents
Certificates for Live Data

Reference. Base Configuration Updates

Cisco Finesse Administration Guide Release 11.6(1)

Unified CCX Administration Web Interface

Unified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration

SAML-Based SSO Configuration

Using SSL to Secure Client/Server Connections

SCCM Plug-in User Guide. Version 3.0

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

SAML-Based SSO Configuration

The information in this document is based on these software and hardware versions:

Managing Security Certificates in Cisco Unified Operating System

System Administration

Managing Certificates

Troubleshooting Single Sign-On

Software Installations for Components

Troubleshooting Single Sign-On

Unified Communication Cluster Setup with CA Signed Multi Server Subject Alternate Name Configuration Example

Manage Finesse IP Phone Agent

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector

Manage Certificates. Certificates Overview

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

This document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).

The following table lists the supported upgrade paths to Cisco Finesse Release 11.5(1).

Cisco Unified Customer Voice Portal

Upgrade from a Standalone Deployment to a Coresident Deployment (Cisco Unified Intelligence Center with Live Data and IdS)

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

AXIS Device Manager HTTPS certificate management

Set Up Certificate Validation

User can upgrade the firmware directly using the Web or Console.

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

Configure Cisco Finesse

LDAP Directory Integration

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

LDAP Directory Integration

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Mitel MiVoice Connect Security Certificates

IceWarp SSL Certificate Process

Integrating AirWatch and VMware Identity Manager

Certificate Management

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

Status Web Evaluator s Guide Software Pursuits, Inc.

Load Balancing VMware Workspace Portal/Identity Manager

Best Practices for Security Certificates w/ Connect

Configure TFTP Servers

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

AirWatch Mobile Device Management

Security Certificate Configuration for XMPP Federation

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

Secure IIS Web Server with SSL

Cisco Finesse Installation and Upgrade Guide Release 10.5(1)

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Cisco Unified Serviceability

VMware Horizon View Deployment

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface

MediaSense Installation

System Setup. Accessing the Administration Interface CHAPTER

Upgrade Side A. Upgrade Side A Tasks

Domain Name and Node Name Changes

Common Ground Upgrade

Unified CCX Administration Web Interface

Domain Name and Node Name Changes

Cisco Finesse Installation and Upgrade Guide Release 11.5(1)

Troubleshooting Web Inbox

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Manage SAML Single Sign-On

Create Golden Template

Migrate Data from Cisco Secure ACS to Cisco ISE

Cisco Remote Expert Manager Agent s Workstation Setup Guide

Configuring Remote Access using the RDS Gateway

Cisco CTL Client setup

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

VMware AirWatch Integration with RSA PKI Guide


Unified CCX Upgrade. Unified CCX Upgrade Types. This chapter explains how to upgrade Unified CCX.

User guide NotifySCM Installer

BlackBerry AtHoc Networked Crisis Communication. Cisco IP Phone Blast NDS Installation Guide

Installing the Cisco Unified MeetingPlace Web Server Software

Common Ground Upgrade

Configure High Availability and Scalability

Configure the Cisco DNA Center Appliance

The Unified CVP upgrade process has been described in this chapter in the following sections:

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide

Cisco CTL Client Setup

akkadian Global Directory 3.0 System Administration Guide

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Preupgrade. Preupgrade overview

App Orchestration 2.6

Installing Your System Using Manual Deployment

CSM - How to install Third-Party SSL Certificates for GUI access

AMS Device View Installation Guide. Version 2.0 Installation Guide May 2018

Transcription:

Certificates and Secure Communications, on page 1 Export Self-Signed Live Data Certificates, on page 2 Import Self-Signed Live Data Certificates, on page 3 Produce Certificate Internally, on page 4 Deploy Root Certificate for Internet Explorer, on page 5 Set Up CA Certificate for Internet Explorer Browser, on page 5 Set Up CA Certificate for Firefox Browser, on page 6 Certificates and Secure Communications If you use HTTPS for secure Finesse, Cisco Unified Intelligence Center, and Live Data server-to-server communication, you must set up security certificates. For the Finesse and Cisco Unified Intelligence Center servers to communicate with the Live Data server, you must import the Live Data certificates and Cisco Unified Intelligence Center certificates into Finesse, and the Live Data certificates into Cisco Unified Intelligence Center: On Server Finesse Live Data Cisco Unified Intelligence Center Import Certificates From Live Data and Cisco Unified Intelligence Center None Live Data You can: Use the self-signed certificates provided with Live Data. When using self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when they sign in before they can use the Live Data gadget. Produce a Certification Authority (CA) certificate internally. Obtain and install a Certification Authority (CA) certificate from a third-party vendor. 1

Obtain and Upload Third-party CA Certificate Related Topics Export Self-Signed Live Data Certificates, on page 2 Import Self-Signed Live Data Certificates, on page 3 Set Up Certificates for Live Data Set up Microsoft Certificate Server for Windows Server 2012 R2, on page 4 Obtain and Upload Third-party CA Certificate You can use a Certification Authority (CA) certificate provided by a third-party vendor to establish an HTTPS connection between the Live Data, Finesse, and Cisco Unified Intelligence Center servers. To use third-party CA certificates: From the Live Data servers, generate and download Certificate Signing Requests (CSR) for root and application certificates. Obtain root and application certificates from the third party vendor. Upload the appropriate certificates to the Live Data, Unified Intelligence Center, and Finesse servers. Follow the instructions provided in the Unified CCE Solution: to Obtain and Upload Third-Party CA certificates (Version 11.x) technical note at : https://www.cisco.com/c/en/us/support/docs/ customer-collaboration/unified-contact-center-enterprise-1101/ 200286-Unified-CCE-Solution--to-Obtai.html. Export Self-Signed Live Data Certificates Live Data installation includes the generation of self-signed certificates. If you choose to work with these self-signed certificates (rather than producing your own CA certificate or obtaining a CA certificate from a third-party certificate vendor), you must first export the certificates from Live Data and Cisco Unified Intelligence Center, as described in this procedure. You must export from both Side A and Side B of the Live Data and Cisco Unified Intelligence Center servers. You must then import the certificates into Finesse, importing both Side A and Side B certificates into each side of the Finesse servers. As is the case when using other self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when they sign in before they can use the Live Data gadget. Sign in to Cisco Unified Operating System Administration on the Live Data server (http://hostname of Live Data server/cmplatform). From the Security menu, select Certificate Management. Click Find. Do one of the following: If the tomcat-trust certificate for your server is not on the list, click Generate New. When the certificate generation is complete, reboot your server. Then restart this procedure. If the tomcat-trust certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.) 2

Import Self-Signed Live Data Certificates Click Download.pem file and save the file to your desktop. Be sure to perform these steps for both Side A and Side B. After you have downloaded the Live Data certificates, sign in to Cisco Unified Operating System Administration on the Cisco Unified Intelligence Center server (http://hostname of CUIC server/cmplatform), and repeat steps 2 to 5. What to do next You must now import the Live Data and Cisco Unified Intelligence Center certificates into the Finesse servers. Related Topics Import Self-Signed Live Data Certificates, on page 3 Import Self-Signed Live Data Certificates To import the certificates into the Finesse servers, use the following procedure. Sign in to Cisco Unified Operating System Administration on the Finesse server using the following URL: http://fqdn of Finesse server:8443/cmplatform From the Security menu, select Certificate Management. Click Upload Certificate. From the Certificate Name drop-down list, select tomcat-trust. Click Browse and browse to the location of the Live Data or Cisco Unified Intelligence Center certificate (with the.pem file extension). Select the file, and click Upload File. Repeat steps 3 to 6 for the remaining unloaded certificate. After you upload both certificates, restart Cisco Finesse Tomcat on the Finesse server. What to do next Be sure to perform these steps for both Side A and Side B. Related Topics Export Self-Signed Live Data Certificates, on page 2 3

Produce Certificate Internally Produce Certificate Internally Set up Microsoft Certificate Server for Windows Server 2012 R2 This procedure assumes that your deployment includes a Windows Server 2012 R2 (Standard) Active Directory server. Perform the following steps to add the Active Directory Certificate Services role on the Windows Server 2012 R2 (Standard) domain controller. Before you begin Before you begin, Microsoft.Net Framework 3.5 Service Pack 1 must be installed. See Windows Server 2012 documentation for instructions. In Windows, open the Server Manager. In the Quick Start window, click Add Roles and Features. Step 9 0 1 2 3 4 5 In the Set Installation Type tab, select Role-based or feature-based installation, and then click Next. In the Server Selection tab, select the destination server then click Next. In the Server Roles tab, check the Active Directory Certificate Services box, and then click the Add Features button in the pop-up window. In the Features and AD CS tabs, click Next to accept default values. In the Role Services tab, verify that the Certification Authority box is checked, and then click Next. In the Confirmation tab, click Install. After the installation is complete, click the Configure Active Directory Certificate Service on the destination server link. Verify that the credentials are correct (for the domain Administrator user), and then click Next. In the Role Services tab, check the Certification Authority box, and then click Next. In the Setup Type tab, select Enterprise CA, and then click Next. In the CA Type tab, select Root CA, and then click Next. In the Private Key, Cryptography, CA Name, Validity Period, and Certificate Database tabs, click Next to accept default values. Review the information in the Confirmation tab, and then click Configure. Download CA certificate This procedure assumes that you are using the Windows Certificate Services. Perform the following steps to retrieve the root CA certificate from the certificate authority. After you retrieve the root certificate, each user must install it in the browser used to access Finesse. 4

Deploy Root Certificate for Internet Explorer On the Windows domain controller, run the CLI command certutil -ca.cert ca_name.cer, in which ca_name is the name of your certificate. Save the file. where you saved the file so you can retrieve it later. Deploy Root Certificate for Internet Explorer In environments where group policies are enforced via the Active Directory domain, the root certificate can be added automatically to each user's Internet Explorer. Adding the certificate automatically simplifies user requirements for configuration. To avoid certificate warnings, each user must use the fully-qualified domain name (FQDN) of the Finesse server to access the desktop. On the Windows domain controller, navigate to Administrative Tools > Group Policy Management. Users who have strict Group Policy defined on the Finesse Agent Desktop are required to disable Cross Document Messaging from Group Policy Management to ensure proper functioning of Finesse on Internet Explorer 11. Right-click Default Domain Policy and select Edit. In the Group Policy Management Console, go to Computer Configuration > Policies > Window Settings > Security Settings > Public Key Policies. Right-click Trusted Root Certification Authorities and select Import. Import the ca_name.cer file. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto-Enrollment. Step 9 From the Configuration Model list, select Enabled. Sign in as a user on a computer that is part of the domain and open Internet Explorer. If the user does not have the certificate, run the command gpupdate.exe /target:computer /force on the user's computer. Set Up CA Certificate for Internet Explorer Browser After obtaining and uploading the CA certificates, either the certificate must be automatically installed via group policy or all users must accept the certificate. 5

Set Up CA Certificate for Firefox Browser In environments where users do not log directly in to a domain or group policies are not utilized, every Internet Explorer user in the system must perform the following steps once to accept the certificate. Step 9 0 1 2 3 In Windows Explorer, double-click the ca_name.cer file (in which ca_name is the name of your certificate) and then click Open. Click Install Certificate > Next > Place all certificates in the following store. Click Browse and select Trusted Root Certification Authorities. Click OK. Click Next. Click Finish. A message appears that states you are about to install a certificate from a certification authority (CA). Click Yes. A message appears that states the import was successful. To verify the certificate was installed, open Internet Explorer. From the browser menu, select Tools > Internet Options. Click the Content tab. Click Certificates. Click the Trusted Root Certification Authorities tab. Ensure that the new certificate appears in the list. Restart the browser for certificate installation to take effect. If using Internet Explorer 11, you may receive a prompt to accept the certificate even if signed by private CA. Set Up CA Certificate for Firefox Browser Every Firefox user in the system must perform the following steps once to accept the certificate. To avoid certificate warnings, each user must use the fully-qualified domain name (FQDN) of the Finesse server to access the desktop. From the Firefox browser menu, select Options. Click Advanced. 6

Click the Certificates tab. Click View Certificates. Click Authorities. Click Import and browse to the ca_name.cer file (in which ca_name is the name of your certificate). Check the Validate Identical Certificates check box. Restart the browser for certificate installation to take effect. 7

8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback