Revision as of 10:43, October 20, 2016 by Priyam (talk | contribs) (Configure Jetty version 9 for Feature Server)

Start SIP Feature Server

To start and verify SIP Feature Server:

Warning
Do not start Feature Server until you have set the configuration options replicationStrategyClassName and replicationOptions. See Cassandra options.
  1. To run Feature Server in secure (https) mode:
    • Open the start.ini file and uncomment etc/jetty-ssl.xml
    • In the IVR Profile, set initial-page-url = https://<Feature Server IP address or host name>:8443/fs
  2. Use Genesys Administrator, not the command line, to start SIP Feature Server. If you are running more than one Feature Server, start the Master first.
  3. In Genesys Administrator, verify that the Feature Server is running.
  4. Verify that the GAX interface is running by logging in as the Default administrator (in other words, the Default user in Configuration Server):
    GAX IP address:port/gax
  5. At this point, only the Default administrator can log into the Feature Server GAX interface. To enable other users to log in as administrators, assign the Administrator role to them.

Configure Jetty version 9 for Feature Server

This section provides detailed information about Jetty version 9 configuration files.

Configuration paths for TrustStore and KeyStore

Jetty 9 defines the truststore and keystore paths in the jetty-ssl.xml file. By default, the paths are relative to <FS Installation directory>. The default values in jetty-ssl.xml are as follows:

  • <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>

You can define absolute paths in start.ini or launcher.xml by using the "jetty.keystore" and "jetty.truststore" variables. In this case, modify the jetty-ssl.xml file as follows:

  • <Set name="KeyStorePath"><Property name="jetty.keystore" default="etc/keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.truststore" default="etc/keystore"/></Set>

Note: The keystore file must not be removed from the <FS Installation directory>/etc/ folder.


  • Configure start.ini
    The start.ini file contains the SSL options. The options are disabled by default with the "#" symbol. Remove the "#" symbol to enable a particular SSL option.
  • Enable HTTPS module
    # --module=https
  • Configure https port
    # https.port=8443
  • Configure HTTPS idle timeout
    # https.timeout=30000
  • Enable SSL module
    # --module=ssl
  • Set up the path to the keystore (relative to $JETTY_HOME by default)
    # jetty.keystore=etc/keystore
  • Set up the path to the truststore (relative to $JETTY_HOME by default)
    # jetty.truststore=etc/keystore
  • Set the passwords
    # jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
    # jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
    # jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4



HTTP Configuration

  • In the command section of the launcher.xml file, add:
    jetty.port=8080
  • Comment out the default value for the HTTP port. The value from the launcher.xml file should be used instead:
    ## HTTP port to listen on
    #jetty.port=8080

HTTPS Configuration

  • In the command section of the launcher.xml file, add:
    https.port=8443
  • To enable https module, add the following to start.ini file:
    # Module: https
    --module=https
  • To add HTTPS idle timeout:
    # HTTPS idle timeout in milliseconds
    https.timeout=30000
  • To enable ssl module:
    # Module: ssl
    --module=ssl
  • To specify keystore and truststore:
    ## Set up a demonstration keystore and truststore
    jetty.keystore=etc/keystore
    jetty.truststore=etc/keystore
  • To specify passwords for keystore, keymanager, and truststore:
    The $FS_HOME/start.ini file contains Secure Password Obfuscation values for:
    jetty.keystore.password=OBF:1f2o1x0r1z0f1z0f1x1v1f1q
    jetty.keymanager.password=OBF:1f2o1x0r1z0f1z0f1x1v1f1q
    jetty.truststore.password=OBF:1f2o1x0r1z0f1z0f1x1v1f1q

Protect Feature Server from POODLE attacks

Disable SSLv3 in the Jetty jetty-ssl.xml file. Edit the $FS_HOME/etc/jetty-ssl.xml file and add the following code to the Configure section:

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="ExcludeProtocols">
    <Array type="java.lang.String">
      <Item>SSLv3</Item>
    </Array>
  </Set>
</Configure>
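
One way to check the HTTPS settings and the SSLv3 exclusion described above before starting Feature Server. This is an added example, not Genesys or Jetty code. The function names are hypothetical, the sample file contents are constructed, and the check assumes the keystore and truststore paths are set in start.ini rather than in launcher.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real installation).
SAMPLE_START_INI = """\
--module=https
# --module=ssl
jetty.keystore=etc/keystore
jetty.truststore=etc/keystore
"""
SAMPLE_JETTY_SSL_XML = """\
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="ExcludeProtocols">
    <Array type="java.lang.String"><Item>SSLv3</Item></Array>
  </Set>
</Configure>
"""

def active_lines(ini_text):
    """Return start.ini lines that are in effect (not blank, not '#' comments)."""
    lines = (line.strip() for line in ini_text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def excluded_protocols(xml_text):
    """Return the protocol names listed under <Set name="ExcludeProtocols">."""
    root = ET.fromstring(xml_text)
    return {item.text.strip()
            for s in root.iter("Set") if s.get("name") == "ExcludeProtocols"
            for item in s.iter("Item") if item.text}

def audit(ini_text, xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    active = active_lines(ini_text)
    for module in ("https", "ssl"):
        if f"--module={module}" not in active:
            findings.append(f"start.ini: --module={module} is not enabled")
    keys = {ln.split("=", 1)[0] for ln in active if "=" in ln and not ln.startswith("--")}
    for key in ("jetty.keystore", "jetty.truststore"):
        if key not in keys:
            findings.append(f"start.ini: {key} is not set")
    if "SSLv3" not in excluded_protocols(xml_text):
        findings.append("jetty-ssl.xml: SSLv3 is not in ExcludeProtocols")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_START_INI, SAMPLE_JETTY_SSL_XML))
```

With the constructed sample, the only finding is the commented-out ssl module line.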
