Certificates for Live Data

Similar documents
Certificates for Live Data Standalone

Reference. Base Configuration Updates

Cisco Finesse Administration Guide Release 11.6(1)

Using SSL to Secure Client/Server Connections

Unified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration

Manage Finesse IP Phone Agent

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

SAML-Based SSO Configuration

Unified CCX Administration Web Interface

Managing Security Certificates in Cisco Unified Operating System

The information in this document is based on these software and hardware versions:

Managing Certificates

Domain Name and Node Name Changes

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Troubleshooting Single Sign-On

Troubleshooting Single Sign-On

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Set Up Certificate Validation

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

Domain Name and Node Name Changes

Installing and Configuring vcloud Connector

SAML-Based SSO Configuration

VMware Horizon View Deployment

Best Practices for Security Certificates w/ Connect

Secure IIS Web Server with SSL

The following table lists the supported upgrade paths to Cisco Finesse Release 11.5(1).

Unified Communication Cluster Setup with CA Signed Multi Server Subject Alternate Name Configuration Example

Installing and Configuring vcloud Connector

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Mitel MiVoice Connect Security Certificates

IceWarp SSL Certificate Process

Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface

Software Installations for Components

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

User can upgrade the firmware directly using the Web or Console.

Live Data Gadget Failover

App Orchestration 2.6

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Cisco Unified Customer Voice Portal

System Administration

Unified CCX Administration Web Interface

SCCM Plug-in User Guide. Version 3.0

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

Quick Start Guide for SAML SSO Access

LDAP Directory Integration

Manage Certificates. Certificates Overview

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

System Setup. Accessing the Administration Interface CHAPTER

LDAP Directory Integration

AXIS Device Manager HTTPS certificate management

AirWatch Mobile Device Management

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

akkadian Global Directory 3.0 System Administration Guide

MediaSense Installation

Security Certificate Configuration for XMPP Federation

Configure TFTP Servers

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Installing a SSL Server Certificate on Client Access Server

Manage Team Resources

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Cisco CTL Client setup

Cisco Finesse Installation and Upgrade Guide Release 10.5(1)

Quick Start Guide for SAML SSO Access

Upgrade from a Standalone Deployment to a Coresident Deployment (Cisco Unified Intelligence Center with Live Data and IdS)

Manage SAML Single Sign-On

Skype for Business Configuration for Partitioned Intradomain Federation

Using the Terminal Services Gateway Lesson 10

Change Server Domain

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Endpoint Manager for Mobile Devices Setup Guide

Maintaining Cisco Unity Connection Server

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Configuring Cisco Unified MeetingPlace Web Conferencing Security Features

INSTALLING LYNC SERVER 2013 EE POOL ON WINDOWS SERVER 2012

Configure the Cisco DNA Center Appliance

Cisco CTL Client Setup

Certificate Renewal on Cisco Identity Services Engine Configuration Guide

Create Virtual Machines for Components

Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection Release 12.x

Installation and Configuration Guide for Visual Voic Release 8.5

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Configuring Client Computers for Cisco Unified Communications for RTX

Cisco Unified Serviceability

Migrate Data from Cisco Secure ACS to Cisco ISE

Red Hat Virtualization 4.2

Wavecrest Certificate SHA-512

Sophos Mobile as a Service

Sophos Mobile SaaS startup guide. Product version: 7.1

Cisco Finesse Installation and Upgrade Guide Release 11.5(1)

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

CHAPTER. Introduction

Installing Your System Using Manual Deployment

Security and Certificates

Load Balancing VMware Workspace Portal/Identity Manager

Unity Connection Version 10.5 SAML SSO Configuration Example

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

A certificate request and installation, can be performed by using the following tools:

Configuring Cisco Mobility Express controller

Transcription:

You must set up security certificates for Finesse and Cisco Unified Intelligence Center with HTTPS. You can: Use the self-signed certificates provided with Finesse and Cisco Unified Intelligence Center. Obtain and install a Certification Authority (CA) certificate from a third-party vendor. Produce a certificate internally. Note As is the case when using other self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when the sign in before they can use the Live Data gadget. Add Self-Signed, page 1 Obtain and Upload CA Certificate for Live Data, page 2 Produce Certificate Internally, page 3 Deploy Root Certificate for Internet Explorer, page 4 Set Up CA Certificate for Internet Explorer Browser, page 5 Set Up CA Certificate for Firefox Browser, page 6 Add Self-Signed Both Finesse and Unified Intelligence Center are installed with self-signed certificates. If you choose to work with these self-signed certificates (rather than producing your own CA certificate or obtaining a CA certificate from a third-party certificate vendor), you must first export the certificates from the Unified Intelligence Center Publisher and Subscriber. You must then import the certificates into Finesse, importing the Publisher certificate to the Finesse Primary node and the Subscriber certificate to the Finesse Secondary node. As is the case when using other self-signed certificates, agents must accept the Live Data certificates in the Finesse desktop when they sign in before they can use the Live Data gadget. 1

Obtain and Upload CA Certificate for Live Data Sign in to Cisco Unified Operating System Administration on Cisco Unified Intelligence Center (https://<hostname of Cisco Unified Intelligence Center server>/cmplatform). From the Security menu, select Certificate Management. Click Find. Do one of the following: If the tomcat certificate for your server is not on the list, click Generate New. When the certificate generation is complete, reboot your server. Then restart this procedure. If the tomcat certificate for your server is on the list, click the certificate to select it. (Ensure that the certificate you select includes the hostname for the server.) 0 1 2 Click Download.pem file and save the file to your desktop. You must download the certificates that contain the hostnames Cisco Unified Intelligence Center publisher and Cisco Unified Intelligence Center subscriber. Sign in to Cisco Unified Operating System Administration on the primary Finesse server (http://hostname of Finesse server/cmplatform). From the Security menu, select Certificate Management. Click Upload Certificate. From the Certificate Name drop-down list, select tomcat-trust. Click Browse and browse to the location of the.pem files (Cisco Unified Intelligence Center publisher and subscriber certificates). Click Upload File. Restart Cisco Tomcat on the Finesse server. Obtain and Upload CA Certificate for Live Data You must perform the following steps on both the Cisco Unified Intelligence Center publisher server and the Finesse primary server. Use the Certificate Management utility from Cisco Unified Communications Operating System Administration. To open Cisco Unified Communications Operating System Administration, enter the following URL in your browser: https://hostname of Finesse or Cisco Unified Intelligence Center server/cmplatform Generate a CSR. a) Select Security > Certificate Management > Generate CSR. b) From the Certificate Name drop-down list, select tomcat. 2

Produce Certificate Internally c) Click Generate CSR. 0 1 2 3 Download the CSR. a) Select Security > Certificate Management > Download CSR. b) From the Certificate Name drop-down list, select tomcat. c) Click Download CSR. Use the CSR to obtain the signed application certificate and the CA root certificate from the Certificate Authority. When you receive the certificates, select Security > Certificate Management > Upload Certificate. Upload the root certificate. a) From the Certificate Name drop-down list, select tomcat-trust. b) In the Upload File field, click Browse and browse to the root certificate file. c) Click Upload File. Upload the application certificate. a) From the Certificate Name drop-down list, select tomcat. b) In the Root Certificate field, enter the name of the CA root certificate. c) In the Upload File field, click Browse and browse to the application certificate file. d) Click Upload File. After the upload is complete, access the CLI on the primary Finesse server. Enter the command utils service restart Cisco Finesse Notification Service to restart the Cisco Finesse Notification service. Enter the command utils service restart Cisco Tomcat to restart the Cisco Tomcat service. Upload the root certificate and application certificate to the Cisco Unified Intelligence Center publisher server. After the upload is complete, access the CLI on the Cisco Unified Intelligence Center server. Enter the command utils service restart Intelligence Center Openfire Service to restart the Intelligence Center Openfire service. Enter the command utils service restart Intelligence Center Reporting Service to restart the Intelligence Center Reporting service. Produce Certificate Internally Set Up Microsoft Certificate Server This procedure assumes that your deployment includes a Windows Server 2008 Active Directory server. Perform the following steps to add the Active Directory Certificate Services role on the Windows 2008 domain controller. 3

Download CA Certificate 0 Click Start, right-click Computer, and select Manage. In the left pane, click Roles. In the right pane, click Add Roles. The Add Roles Wizard opens. On the Select Server Roles screen, check the Active Directory Certificate Services check box, and then click Next. On the Introduction to Active Directory Certificate Services screen, click Next. On the Select Role Services screen, check the Certification Authority check box, and then click Next. On the Specify Setup Type screen, select Enterprise, and then click Next. On the Specify CA Type screen, select Root CA, and then click Next. Click Next on the Set Up Private Key, Configure Cryptography for CA, Configure CA Name, Set Validity Period, and Configure Certificate Database screens to accept the default values. On the Confirm Installations Selections screen, verify the information, and then click Install. Download CA Certificate This procedure assumes that you are using the Windows Certificate Services. Perform the following steps to retrieve the root CA certificate from the certificate authority. After you retrieve the root certificate, each user must install it in the browser used to access Finesse. On the Windows 2008 domain controller, run the CLI command certutil -ca.cert ca_name.cer. Save the file. Note where you saved the file so you can retrieve it later. Deploy Root Certificate for Internet Explorer In environments where group policies are enforced using the Active Directory domain, the root certificate can be added automatically to each user's Internet Explorer. Adding the certificate automatically simplifies user requirements for configuration. Note To avoid certificate warnings, each user must use the fully qualified domain name (FQDN) of the Finesse server to access the desktop. 4

Set Up CA Certificate for Internet Explorer Browser On the Windows 2008 domain controller, click Start > Administrative Tools > Group Policy Management. Right-click Default Domain Policy and select Edit. In the Group Policy Management Console, go to Computer Configuration > Policies > Window Settings > Security Settings > Public Key Policies. Right-click Trusted Root Certification Authorities and select Import. Import the ca_name.cer file. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto-Enrollment. From the Configuration Model list, select Enabled. Sign in as a user on a computer that is part of the domain and open Internet Explorer. If the user does not have the certificate, run the command gpupdate.exe /target:computer /force on the user's computer. Set Up CA Certificate for Internet Explorer Browser After obtaining and uploading the CA certificates, either the certificate must be automatically installed via group policy or all users must accept the certificate. In environments where users do not log directly in to a domain or group policies are not utilized, every Internet Explorer user in the system must perform the following steps once to accept the certificate. In Windows Explorer, double-click the ca_name.cer file (in which ca_name is the name of your certificate) and then click Open. Click Install Certificate > Next > Place all certificates in the following store. Click Browse and select Trusted Root Certification Authorities. Click OK. Click Next. Click Finish. A message appears that states you are about to install a certificate from a certification authority (CA). Click Yes. 5

Set Up CA Certificate for Firefox Browser A message appears that states the import was successful. 0 1 2 3 To verify the certificate was installed, open Internet Explorer. From the browser menu, select Tools > Internet Options. Click the Content tab. Click Certificates. Click the Trusted Root Certification Authorities tab. Ensure that the new certificate appears in the list. Restart the browser for certificate installation to take effect. Set Up CA Certificate for Firefox Browser Every Firefox user in the system must perform the following steps once to accept the certificate. Note To avoid certificate warnings, each user must use the fully-qualified domain name (FQDN) of the Finesse server to access the desktop. From the Firefox browser menu, select Options. Click Advanced. Click the Certificates tab. Click View Certificates. Click Authorities. Click Import and browse to the ca_name.cer file (in which ca_name is the name of your certificate). Check the Validate Identical Certificates check box. Restart the browser for certificate installation to take effect. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback