Avaya Callback Assist Application Notes for HTTPS Configuration


Avaya Callback Assist Application Notes for HTTPS Configuration Release 4.4.1.0 August 2016

© 2015-2016 Avaya Inc. All Rights Reserved.

Suspected security vulnerabilities with Avaya products should be reported to Avaya by sending mail to: securityalerts@avaya.com.

Table of Contents

Introduction
Prerequisites
Protocols
Configuration procedure
Keystore and Certificates
Importing an existing certificate to keystore
Creating a new keystore with self-signed certificate
Exporting certificate file from keystore
Configuring SSL for the web administration application
Configuring SSL for Dialogs
Configuring Avaya Aura Experience Portal
Configuring OD applications
Configuring SSL for Web services
Glossary

Introduction

The Avaya Callback Assist application notes for HTTPS configuration describe the procedures required to configure HTTPS support for the Administration, Dialogs, and Web Services Tomcat instances. The Administration, Dialogs, and Web Services applications are deployed on individual Tomcat servers under the Callback Assist installation folder. The following table shows the applications, the names of the corresponding Tomcat instances, and the HTTP ports used:

    Application name    Tomcat server name           HTTP port
    Administration      apache-tomcat-adminapp       80
    Dialogs             apache-tomcat-ddapps         8080
    Web Services        apache-tomcat-webcallback    8081

Prerequisites

Callback Assist software is already installed. The following table shows the Tomcat instances and the corresponding ports that are used for enabling SSL. Ensure that the ports are free on the system where Callback Assist is installed.

    Tomcat instance              HTTPS port
    apache-tomcat-adminapp       443
    apache-tomcat-ddapps         8444
    apache-tomcat-webcallback    8446

Protocols

The Tomcat instances used in Callback Assist use JSSE as the underlying SSL library. The supported protocol versions are SSLv3 and TLSv1.

Configuration procedure

This guide uses a single certificate file for configuring all three Tomcat instances. Create a new folder inside the Callback Assist installation folder to hold the keystore file:

1. Navigate to the Callback Assist installation folder:
    cd /opt/avaya/callbackassist
2. Create a new folder named ssl:
    mkdir ssl

Keystore and Certificates

A keystore file with a certificate is required to configure HTTPS. If a certificate is already available, import the certificate into the keystore file. If you do not have a certificate, you can generate a self-signed certificate and use it.

Importing an existing certificate to keystore

1. Copy the certificate file and the key file to the following path: /opt/avaya/callbackassist/ssl
2. Convert both files into a single PKCS12 file:
    openssl pkcs12 -export -in /opt/avaya/callbackassist/ssl/callback.crt -inkey /opt/avaya/callbackassist/ssl/callback.key > /opt/avaya/callbackassist/ssl/callback.p12
3. Navigate to the JDK bin folder:
    cd /opt/avaya/callbackassist/jdk/bin
4. Import the certificate into the keystore:
    ./keytool -importkeystore -srckeystore /opt/avaya/callbackassist/ssl/callback.p12 -destkeystore /opt/avaya/callbackassist/ssl/keystore.jks -srcstoretype pkcs12
5. Enter the source and destination keystore passwords.
6. Change the alias name to callback:
    ./keytool -keystore /opt/avaya/callbackassist/ssl/keystore.jks -changealias -alias 1 -destalias callback

Sample session:

    [root@rhel60epaep ssl]# openssl pkcs12 -export -in /opt/avaya/callbackassist/ssl/callback.crt -inkey /opt/avaya/callbackassist/ssl/callback.key > /opt/avaya/callbackassist/ssl/callback.p12
    Enter Export Password:
    Verifying - Enter Export Password:
    [root@rhel60epaep ssl]# cd /opt/avaya/callbackassist/jdk/bin
    [root@rhel60epaep bin]# ./keytool -importkeystore -srckeystore /opt/avaya/callbackassist/ssl/callback.p12 -destkeystore /opt/avaya/callbackassist/ssl/keystore.jks -srcstoretype pkcs12
    Enter destination keystore password:
    Re-enter new password:
    Enter source keystore password:
    Entry for alias 1 successfully imported.
    Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
    [root@rhel60epaep ssl]# ./keytool -keystore /opt/avaya/callbackassist/ssl/keystore.jks -changealias -alias 1 -destalias callback
    Enter keystore password:
    [root@rhel60epaep ssl]#

Creating a new keystore with self-signed certificate

To create a new keystore that contains a single self-signed certificate, run the following from the terminal command line:

1. Navigate to the JDK bin folder:
    cd /opt/avaya/callbackassist/jdk/bin
2. Run the command:
    ./keytool -genkey -alias callback -keyalg RSA -keystore /opt/avaya/callbackassist/ssl/keystore.jks

Note: The certificate generation must pass customer security requirements, so the command may change.

After you run the command, the system prompts you for the keystore password. The default password used by Tomcat is "changeit" (all lower case), although you can specify a custom password if you want. You also need to specify the custom password in the server.xml configuration file, as described later.

Next, the system prompts you for general information about this certificate, such as company, contact name, and so on. This information will be displayed to the users who attempt to access a secure page in your application, so make sure that the information provided here matches what they will expect.

Finally, the system prompts you for the key password, which is the password specific to this certificate, as distinct from the passwords for other certificates stored in the same keystore file. You must use the same password here that you used for the keystore password. This is a restriction of the Tomcat implementation. At present, the keytool prompt indicates that pressing the ENTER key automatically enters the key password for you.

After successful completion of all the procedures, the system creates a keystore file with a certificate that can be used by your server in the path /opt/avaya/callbackassist/ssl.

    [root@rhel60epaep 4.1.6]# cd /opt/avaya/callbackassist
    [root@rhel60epaep callbackassist]# mkdir ssl
    [root@rhel60epaep callbackassist]# cd /opt/avaya/callbackassist/jdk/bin
    [root@rhel60epaep bin]# ./keytool -genkey -alias callback -keyalg RSA -keystore /opt/avaya/callbackassist/ssl/keystore.jks
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]: avaya
    What is the name of your organizational unit?
      [Unknown]: aps
    What is the name of your organization?
      [Unknown]: avaya
    What is the name of your City or Locality?
      [Unknown]: chennai
    What is the name of your State or Province?
      [Unknown]: TN
    What is the two-letter country code for this unit?
      [Unknown]: IN
    Is CN=avaya, OU=aps, O=avaya, L=chennai, ST=TN, C=IN correct?
      [no]: yes
    Enter key password for <callback>
            (RETURN if same as keystore password):
    [root@rhel60epaep bin]#

Exporting certificate file from keystore

1. Navigate to the JDK bin folder:
    cd /opt/avaya/callbackassist/jdk/bin
2. Run the keytool command:
    ./keytool -export -keystore /opt/avaya/callbackassist/ssl/keystore.jks -alias callback -file /opt/avaya/callbackassist/ssl/callback.cer
3. Enter the keystore password.
4. The certificate file is created under the path: /opt/avaya/callbackassist/ssl

    [root@rhel60epaep bin]# cd /opt/avaya/callbackassist/jdk/bin
    [root@rhel60epaep bin]# ./keytool -export -keystore /opt/avaya/callbackassist/ssl/keystore.jks -alias callback -file /opt/avaya/callbackassist/ssl/callback.cer
    Enter keystore password:
    Certificate stored in file </opt/avaya/callbackassist/ssl/callback.cer>
    [root@rhel60epaep bin]#

Configuring SSL for the web administration application

1. Stop the Callback Assist administration application server:
    /sbin/service tomcat-adminapp stop
2. Navigate to the config folder of the administration Tomcat instance:
    cd /opt/avaya/callbackassist/apache-tomcat-adminapp/conf
3. Edit the server.xml file:
    vi server.xml
4. Comment out the connector with port 80 to prevent HTTP access to the application.
5. Uncomment the connector with port 8443 and add the following attributes:
    a. port="443"
    b. keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
    c. keystorePass="changeit"
    d. keyAlias="callback"
   By default, both SSLv3 and TLSv1 are supported. To enforce the TLSv1 protocol, the following attribute changes are required:
    a. sslProtocol="TLSv1"
    b. sslEnabledProtocols="TLSv1"
   Tomcat supports TLSv1.1 and TLSv1.2 via the JSSE in JDK 7+ versions.
6. After the changes, the connectors should look as follows (SSL Protocol):

    <!--
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="443" protocol="HTTP/1.1" scheme="https" secure="true" SSLEnabled="true"
               connectionTimeout="20000"
               keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
               keystorePass="changeit" keyAlias="callback"
               clientAuth="false" sslProtocol="TLS" />

7. Save the changes and start the Tomcat server:
    /sbin/service tomcat-adminapp start

The administration application is now accessible through the following URL: https://<server-hostname>/admin

Configuring SSL for Dialogs

The following procedure configures SSL for the OD modules.

1. Stop the Dialogs Tomcat server:
    /sbin/service tomcat-ddapps stop
2. Navigate to the config folder of the Dialogs Tomcat instance:
    cd /opt/avaya/callbackassist/apache-tomcat-ddapps/conf
3. Edit the server.xml file:
    vi server.xml
4. Comment out the connector with port 8080 to prevent HTTP access to the applications.
5. Uncomment the connector with port 8443 and add the following attributes:
    a. port="8444"
    b. connectionTimeout="20000"
    c. keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
    d. keystorePass="changeit"
    e. keyAlias="callback"
   By default, both SSLv3 and TLSv1 are supported. To enforce the TLSv1 protocol, change the following attributes as follows:
    a. sslProtocol="TLSv1"
    b. sslEnabledProtocols="TLSv1"
   Tomcat supports TLSv1.1 and TLSv1.2 via the JSSE in JDK 7+ versions.
6. After the changes, the connectors in server.xml should look as follows:

    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8444" protocol="HTTP/1.1" scheme="https" secure="true" SSLEnabled="true"
               connectionTimeout="20000"
               keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
               keystorePass="changeit" keyAlias="callback"
               clientAuth="false" sslProtocol="TLS" />

7. Save the changes and start the Tomcat server:
    /sbin/service tomcat-ddapps start

Configuring Avaya Aura Experience Portal

You must add the certificate file to the trusted certificates list of the Experience Portal to enable HTTPS access to the dialogs from VoicePortal.

1. In the Web browser, enter the Experience Portal EPM Administration URL: https://<fqdn>/voiceportal
2. In the User Name field, enter the user name.
3. Click Submit.
4. In the Password field, enter the password.
5. Click Logon.
6. Click Security > Certificates.
7. Click the Trusted Certificates tab.
8. Enter the name as callback.
9. Select the Type as application.
10. Click the browse button and upload the callback.cer certificate file.
11. Click continue.
12. Click save.

After a successful upload, the screen looks as follows:

[Figure: Experience Portal screen after the certificate upload]

Configuring OD applications

Update the application section of the voice portal with the new HTTPS URLs. The following table lists the HTTP URLs and the corresponding HTTPS URLs.

    HTTP URL:  http://<callback-application-server-hostname>:8080/cbacticustomer/start
    HTTPS URL: https://<callback-application-server-hostname>:8444/cbacticustomer/start

    HTTP URL:  http://<callback-application-server-hostname>:8080/cbactiagent/start
    HTTPS URL: https://<callback-application-server-hostname>:8444/CBACTIAgent/Start

    HTTP URL:  http://<callback-application-server-hostname>:8080/runtimeconfig/
    HTTPS URL: https://<callback-application-server-hostname>:8444/runtimeconfig/

    HTTP URL:  http://cba_fqdn:8080/cbascripts/cbacallcontrol
               or http://<cba_fqdn>:8080/cbascripts/cbacallControl?EmergencyDestination=XXXXXX
    HTTPS URL: https://cba_fqdn:8444/cbascripts/cbacallcontrol
               or https://<cba_fqdn>:8444/cbascripts/cbacallControl?EmergencyDestination=XXXXXX

Configuring SSL for Web services

The following procedure configures SSL for the WebCallback web service.

1. Stop the WebCallback application server:
    /sbin/service tomcat-webcallback stop
2. Navigate to the config folder of the WebCallback Tomcat instance:
    cd /opt/avaya/callbackassist/apache-tomcat-webcallback/conf
3. Edit the server.xml file:
    vi server.xml
4. Comment out the connector with port 8081 to prevent HTTP access to the application.
5. Uncomment the connector with port 8443 and add the following attributes:
    a. port="8446"
    b. keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
    c. keystorePass="changeit"
    d. connectionTimeout="20000"
    e. keyAlias="callback"
   By default, both SSLv3 and TLSv1 are supported. To enforce the TLSv1 protocol, make the attribute changes as follows:
    a. sslProtocol="TLSv1"
    b. sslEnabledProtocols="TLSv1"
   Tomcat supports TLSv1.1 and TLSv1.2 via the JSSE in JDK 7+ versions.
6. After the changes, the connectors in server.xml should look as follows:

    <!--
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8446" protocol="HTTP/1.1" scheme="https" secure="true" SSLEnabled="true"
               connectionTimeout="20000"
               keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
               keystorePass="changeit" keyAlias="callback"
               clientAuth="false" sslProtocol="TLS" />

7. Save the changes and start the Tomcat server:
    /sbin/service tomcat-webcallback start

WSDL document location

After the SSL configuration changes, the WSDL documents are available at the following locations:

    Release 4.0 URL: https://<server_ip_address>:8446/webcallback/webcallback40?wsdl
    Release 4.1 URL: https://<server_ip_address>:8446/webcallback/webcallback41?wsdl
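The following check is an added example, not part of the Avaya application notes or of Tomcat. It audits a server.xml for the conditions the three connector procedures above leave to the administrator: an HTTP connector that was not commented out, the default keystore password, SSLv3 left enabled, and attribute names whose case differs from Tomcat's case-sensitive spelling. Both XML samples are constructed; the tightened one assumes a JDK 7+ JSSE and uses a placeholder password.

```python
import xml.etree.ElementTree as ET

# Connector attributes this guide sets, in Tomcat's case-sensitive spelling.
KNOWN_ATTRS = ("SSLEnabled", "keystoreFile", "keystorePass", "keyAlias",
               "clientAuth", "sslProtocol", "sslEnabledProtocols")
CANONICAL = {name.lower(): name for name in KNOWN_ATTRS}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3"}
DEFAULT_KEYSTORE_PASS = "changeit"  # Tomcat's default, as the guide notes


def audit_server_xml(xml_text):
    """Return (port, finding) tuples for every active HTTP/HTTPS connector."""
    findings = []
    # Connectors disabled with <!-- --> are XML comments, so the parser skips them.
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside the scope of this guide
        # A mis-cased attribute name does not set the intended property.
        for name in conn.attrib:
            canonical = CANONICAL.get(name.lower())
            if canonical and name != canonical:
                findings.append((port, f"attribute '{name}' must be spelled '{canonical}'"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "plain HTTP connector is still active"))
            continue
        if conn.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
            findings.append((port, "keystore is protected by the default password 'changeit'"))
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "sslEnabledProtocols is not set, so the guide's "
                                   "default (SSLv3 and TLSv1) applies"))
        else:
            legacy = sorted(LEGACY_PROTOCOLS & {p.strip() for p in enabled.split(",")})
            if legacy:
                findings.append((port, "legacy protocol enabled: " + ", ".join(legacy)))
    return findings


# Constructed sample: the administration connector as shown in step 6.
GUIDE_ADMIN_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"
                    redirectPort="8443" /> -->
    <Connector port="443" protocol="HTTP/1.1" scheme="https" secure="true"
               SSLEnabled="true" connectionTimeout="20000"
               keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
               keystorePass="changeit" keyAlias="callback"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""

# Constructed sample: same connector with a site-specific password (placeholder)
# and the protocol list restricted to TLSv1.2 (assumes JDK 7+).
TIGHTENED_ADMIN_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" scheme="https" secure="true"
               SSLEnabled="true" connectionTimeout="20000"
               keystoreFile="/opt/avaya/callbackassist/ssl/keystore.jks"
               keystorePass="REPLACE_WITH_SITE_PASSWORD" keyAlias="callback"
               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for label, xml_text in (("guide", GUIDE_ADMIN_XML), ("tightened", TIGHTENED_ADMIN_XML)):
        results = audit_server_xml(xml_text)
        print(label, "->", "no findings" if not results else "")
        for port, finding in results:
            print(f"  port {port}: {finding}")
```

Run it against each of the three conf/server.xml files after editing and before restarting the corresponding Tomcat service.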

Glossary

For more information, see the following:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider