Start SIP Feature Server
To start and verify SIP Feature Server:
- To run Feature Server in secure (https) mode:
  - Open the start.ini file and uncomment etc/jetty-ssl.xml
  - In the IVR Profile, set initial-page-url = https://<Feature Server IP address or host name>:8443/fs
- Use Genesys Administrator, not the command line, to start SIP Feature Server. If you are running more than one Feature Server, start the Master first.
- In Genesys Administrator, verify that the Feature Server is running.
- Verify that the GAX interface is running by logging in as the Default administrator (in other words, the Default user in Configuration Server):
  - <GAX IP address>:<port>/gax
- At this point, only the Default administrator can log into the Feature Server GAX interface. To enable other users to log in as administrators, assign the Administrator role to them.
Configure Jetty version 9 for Feature Server
This section provides detailed information about the Jetty version 9 configuration files.
HTTP Configuration
In the command section of the launcher.xml file, configure:
parameter name=http_port
default value=jetty.port=8080
HTTPS Configuration
This section provides information on HTTPS configuration.
Configuration of start.ini
Remove the '#' symbol from the following lines in the start.ini file to enable the HTTPS and SSL parameters:
- Enable the HTTPS module:
  - --module=https
- Configure the HTTPS port:
  - https.port=8443
- Configure the HTTPS idle timeout:
  - https.timeout=30000
- Enable the SSL module:
  - --module=ssl
Truststore and Keystore Configuration Paths
Jetty 9 defines the main configuration rules for the truststore and keystore paths in the jetty-ssl.xml file. By default, the paths are relative to <FS Installation directory>. The default values of the truststore and keystore path parameters in jetty-ssl.xml are as follows:
- <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
- <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
You can define absolute paths in start.ini by using the "jetty.keystore" and "jetty.truststore" variables. In this case, the jetty-ssl.xml file must be modified as follows:
- <Set name="KeyStorePath"><Property name="jetty.keystore"/></Set>
- <Set name="TrustStorePath"><Property name="jetty.truststore"/></Set>
Keystore and truststore settings configured in the start.ini file override the corresponding settings in the jetty-ssl.xml file.
- Set the path to the keystore (relative to <FS Installation directory> by default):
  - # jetty.keystore=etc/keystore
- Set the path to the truststore (relative to <FS Installation directory> by default):
  - # jetty.truststore=etc/keystore
- Set the obfuscated passwords for the keystore and truststore:
  - # jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
  - # jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
  - # jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
Protecting Feature Server from POODLE Attacks
To protect Feature Server from POODLE attacks, disable SSLv3 in Feature Server by adding the following to the Configure section of the <FS Installation directory>/etc/jetty-ssl.xml file.
<Set name="ExcludeProtocols">
  <Array type="java.lang.String">
    <Item>SSLv3</Item>
  </Array>
</Set>
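The following audit script is an added example, not part of the Genesys documentation or of Jetty. It checks a start.ini and jetty-ssl.xml pair against the settings described above: both modules uncommented, SSLv3 listed in ExcludeProtocols, and store passwords that are in OBF form and are not the sample values printed on this page. The function names and the two sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# OBF strings printed in this page's start.ini sample. Anyone who has read the
# documentation knows them, so a live deployment should not still be using them.
PAGE_SAMPLE_OBF = {"OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4", "OBF:1u2u1wml1z7s1z7a1wnl1u2g"}
PASSWORD_KEYS = ("jetty.keystore.password", "jetty.keymanager.password", "jetty.truststore.password")

def parse_start_ini(text):
    """Return (modules, props) built from active (uncommented) lines only."""
    modules, props = set(), {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "--module":
            modules.update(m.strip() for m in value.split(","))
        elif value:
            props[key.strip()] = value.strip()
    return modules, props

def excluded_protocols(ssl_xml):
    """Protocol names listed under <Set name="ExcludeProtocols">."""
    sets = ET.fromstring(ssl_xml).iter("Set")
    return {i.text.strip() for s in sets if s.get("name") == "ExcludeProtocols"
            for i in s.iter("Item") if i.text}

def audit(start_ini, ssl_xml):
    """Return a list of findings; an empty list means every check passed."""
    modules, props = parse_start_ini(start_ini)
    findings = [f"--module={m} is commented out or missing"
                for m in ("https", "ssl") if m not in modules]
    if "SSLv3" not in excluded_protocols(ssl_xml):
        findings.append("SSLv3 is not listed in ExcludeProtocols")
    for key in PASSWORD_KEYS:
        value = props.get(key)
        if value in PAGE_SAMPLE_OBF:
            findings.append(f"{key} still uses the documentation sample value")
        elif value is not None and not value.startswith("OBF:"):
            findings.append(f"{key} is not in OBF form")
    return findings

# Constructed sample inputs (not taken from a real installation).
SAMPLE_INI = """--module=ssl
# --module=https
jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.keymanager.password=changeit
"""
SAMPLE_XML = ('<Configure><Set name="ExcludeProtocols"><Array type="java.lang.String">'
              '<Item>SSLv2Hello</Item></Array></Set></Configure>')
```

Calling audit(SAMPLE_INI, SAMPLE_XML) returns four findings. A password key that is absent from start.ini is not reported, because the value in jetty-ssl.xml then applies.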
Generate Obfuscated passwords
- Navigate to <FS Installation directory> in a Linux shell or Windows Command Prompt.
- Run Jetty's password utility with the following command to obfuscate your passwords:
java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar org.eclipse.jetty.util.security.Password your_Password
where -xxx signifies the version of Jetty that you have installed.
The command above is written for Linux, where a colon (:) separates the two JAR names. On Windows, use a semi-colon (;) instead.
For example:
{FS Installation directory}>java -cp lib/jetty-http-9.2.10.v20150310.jar;lib/jetty-util-9.2.10.v20150310.jar org.eclipse.jetty.util.security.Password 123456
123456
OBF:19iy19j019j219j419j619j8
MD5:e10adc3949ba59abbe56e057f20f883e
