Revision as of 13:25, October 20, 2016 by Priyam

Start SIP Feature Server

To start and verify SIP Feature Server:

Warning
Do not start Feature Server until you have set the configuration options replicationStrategyClassName and replicationOptions. See Cassandra options.
  1. To run Feature Server in secure (https) mode:
    • Open the start.ini file and uncomment etc/jetty-ssl.xml
    • In the IVR Profile, set initial-page-url = https://<Feature Server IP address or host name>:8443/fs
  2. Use Genesys Administrator, not the command line, to start SIP Feature Server. If you are running more than one Feature Server, start the Master first.
  3. In Genesys Administrator, verify that the Feature Server is running.
  4. Verify that the GAX interface is running by logging in as the Default administrator (in other words, the Default user in Configuration Server):
    <GAX IP address>:<port>/gax
  5. At this point, only the Default administrator can log into the Feature Server GAX interface. To enable other users to log in as administrators, assign the Administrator role to them.

Configure Jetty version 9 for Feature Server

This section provides detailed information about the Jetty version 9 configuration files.

HTTP Configuration

In the command section of the launcher.xml file, configure:
parameter name=http_port
default value=jetty.port=8080

HTTPS Configuration

This section provides information on HTTPS configuration.

Configuration of start.ini

  • Enable HTTPS module
    --module=https
  • Configure https port
    https.port=8443
  • Configure HTTPS idle timeout
    https.timeout=30000
  • Enable SSL module
    --module=ssl

Truststore and Keystore Configuration Paths

Jetty 9 defines the truststore and keystore paths in the jetty-ssl.xml file. By default, these paths are relative to <FS Installation directory>. The default values in jetty-ssl.xml are as follows:

  • <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>

You can define absolute paths in start.ini or launcher.xml by using the jetty.keystore and jetty.truststore variables. In this case, the jetty-ssl.xml file must be modified as follows:

  • <Set name="KeyStorePath"><Property name="jetty.keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.truststore"/></Set>
Important
The keystore file must not be removed from the <FS Installation directory>/etc/ folder.

Setting the following keystore and truststore options in the start.ini file overrides the configuration in the jetty-ssl.xml file:

  • Set the path to the keystore (relative to <FS Installation directory> by default)
    # jetty.keystore=etc/keystore
  • Set the path to the truststore (relative to <FS Installation directory> by default)
    # jetty.truststore=etc/keystore
  • Set the passwords
    # jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
    # jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
    # jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4

Protecting Feature Server against POODLE Attacks

The following procedure shows how to protect Feature Server against POODLE attacks:

  1. Disable SSLv3 in Jetty by modifying the <FS Installation directory>/etc/jetty-ssl.xml file.
  2. Add the following to the Configure section of the jetty-ssl.xml file:
     <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
       <Set name="ExcludeProtocols">
         <Array type="java.lang.String">
           <Item>SSLv3</Item>
         </Array>
       </Set>
     </Configure>
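
A configuration check for the start.ini and jetty-ssl.xml settings described above, as an added example that is not part of the original Genesys documentation. It reports when SSLv3 is not excluded, when the https or ssl module is not enabled, or when a password property still holds one of the sample OBF values printed on this page. The function names and the sample inputs are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Sample obfuscated passwords printed on this page; deployments should not reuse them.
PAGE_SAMPLE_PASSWORDS = {"OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4",
                         "OBF:1u2u1wml1z7s1z7a1wnl1u2g"}

def excluded_protocols(jetty_ssl_xml):
    """Protocols listed under <Set name="ExcludeProtocols"> in jetty-ssl.xml."""
    found = set()
    for node in ET.fromstring(jetty_ssl_xml).iter("Set"):
        if node.get("name", "").lower() == "excludeprotocols":
            found.update((item.text or "").strip() for item in node.iter("Item"))
    return found

def active_settings(start_ini):
    """Uncommented start.ini entries as (set of modules, dict of properties)."""
    modules, props = set(), {}
    for raw in start_ini.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "--module":
            modules.update(m.strip() for m in value.split(","))
        else:
            props[key.strip()] = value.strip()
    return modules, props

def audit(jetty_ssl_xml, start_ini):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if "SSLv3" not in excluded_protocols(jetty_ssl_xml):
        findings.append("SSLv3 is not in ExcludeProtocols (POODLE exposure)")
    modules, props = active_settings(start_ini)
    for module in ("https", "ssl"):
        if module not in modules:
            findings.append("--module=%s is not enabled in start.ini" % module)
    for key, value in props.items():
        if key.endswith(".password") and value in PAGE_SAMPLE_PASSWORDS:
            findings.append("%s uses a sample password from this page" % key)
    return findings

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_XML = """<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="ExcludeProtocols"><Array type="java.lang.String"><Item>SSLv3</Item></Array></Set>
</Configure>"""
SAMPLE_INI = "--module=https\nhttps.port=8443\n# --module=ssl\njetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_XML, SAMPLE_INI)) or "no findings")
```

Run it against the contents of <FS Installation directory>/etc/jetty-ssl.xml and start.ini after completing the procedure; an empty result means all three checks passed.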

Configuration Certificates in Jetty version 9
