Revision as of 07:52, August 29, 2017 by Lpotturi (talk | contribs) (Secure Transport Configuration)
Jump to: navigation, search

Secure Transport Configuration

This section describes how to configure Transport Layer Security (TLS) for the Genesys Interaction Recording solution.

Server-Side Configuration

The following components must configure secure transports for HTTP.

Configuring TLS for Interaction Recording Web Services (Web Services)

See Interaction Recording Web Services security configuration.

Configuring TLS for Recording Processor Script

  1. Configure HTTPS on the primary recording server. For more information, see the "Configure SSL" section of Configuring Recording Processor Script.
    1. For Windows, make sure the pyOpenSSL is installed. pyOpenSSL is already be installed on RHEL6.
    2. Create a self-signed certificate and private key for the Recording Processor host. For example, on ubuntu run: openssl req -new -x509 -days 1024 -nodes -out cert228.pem -keyout cert228key.pem
    3. In the rp_server section of the Recording Processor's configuration file, set the following parameters:
      • ssl_certificate—Point to the certificate PEM file. For example, ssl_certificate=cert228.pem.
      • ssl_private_key—To point to the private key file. For example, cert228.pem.
    4. Send the self-signed certificate PEM file to any MCP client that needs to validate the certificate during the SSL handshake. See the "Enable Secure Communication" section of the GVP 8.5 User's Guide.
    5. Restart Recording Processor.
  2. Configure HTTPS on the backup recording server by following the same instructions as above using a new certificate and private key.

Configuring TLS for Recording Crypto Server

See Configuring an HTTP Port.

Configuring TLS for the WebDAV Server

See Configuring TLS for the WebDAV Server.

Configuring TLS for the Interaction Receiver and SpeechMiner UI Server

See Enabling HTTPS for SpeechMiner.

Configuring TLS for the HTTP Load Balancer

See Configuring TLS for the HTTP Load Balancer in a single-tenant environment.
See Configuring TLS for the HTTP Load Balancer in a multi-tenant environment.

Client-Side Configuration

Configuring TLS for the Media Control Platform (MCP)

To add a Certificate Authority (CA):

  1. Place the CA file on the MCP.
  2. Using Genesys Administrator or Genesys Administrator Extension, in the fm section set the ssl_ca_info option to the location of the CA file.
  3. Restart MCP.

To add client-side authentication:

  1. Place the certificate file (PEM format) on the MCP.
  2. Using Genesys Administrator or Genesys Administrator Extension, in the fm section set the ssl_cert optiont to the location of the certification file.
  3. Restart MCP.

For more information about the MCP options, see the Voice Platform Media Control Platform Configuration Options.

Configuring TLS for the IVR Profile

Using Genesys Administrator Extension, navigate to the Recording tab of the IVR Profile. Update the following addresses with the HTTPS locations:

  • Storage Destination
  • Recording Processor URI
  • SpeechMiner Interaction Receiver
  • PpeechMiner Destination for Analytics only

Configuring TLS for the Recording Processor Script

The Recording Processor Script creates three client connections, to:

  • Interaction Recording Web Services (Web Services)
  • SpeechMiner Interaction Receiver
  • Backup Recording Processor Script

For details on configuring each connection, refer to the appropriate section at the Configure SSL link on the page Deploying Recording Processor Script.

Adding the Server Certificate to Interaction Recording Web Services (Web Services) KeyStore

Interaction Recording Web Services (RWS) creates client connections to the following:

  • Configuration Server
  • SIP Server
  • Interaction Server
  • WebDAV
  • Recording Crypto Server
  • SpeechMiner Interaction Receiver
  • Cassandra

For details on configuring each connection using TLS, refer to the appropriate section in Configuring Security.

Comments or questions about this documentation? Contact us for support!