cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
704
Views
10
Helpful
5
Replies
david_legrand
Enthusiast

Cisco CVP Rest Client Handshake Exception

Hello,

 

I have developed a CVP script that uses Rest_Client step to collect information from a third party tool.

This scripts starts with a POST request to get a token.

This scripts runs like a charm on PCCE dcloud 12.0

 

When deploying this application on my on Prem platform, running CVP 11.5, I face the following error :

 

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

Do you think this can be caused by Firewall / Network issue, by an error on the CVP components or by my CVP application itself ?

 

Thanks in advance for your help

 

David

1 ACCEPTED SOLUTION

Accepted Solutions

Hi David,

Thanks for sharing this. It is very interesting but you might be right with this TLS issue. I've never faced the problem with TLS most likely because I like to use custom CVP elements for communication with external servers.

If the logs on the CVP don't show the real cause (only the genric error) the good idea would be to capture the packet dumps on the server. They should show you what type of problem you are facing. 2 weeks ago I was struggling with similar problem with CUCM External Call Control Feature over HTTPS. In this Wireshark clearly pointed out the problem.

 

I reviewed the documents that you have shared and in my opinion, you should go with ES25 rather than ES12 as it has fixed this bug CSCvc39129

 

Marek
Web: https://gaman-gt.com, Webex Teams: chat

View solution in original post

5 REPLIES 5

Hi David,

In my opinion, javax.net.ssl.SSLHandshakeException indicates that there is a problem with certificates in your environment. Probably you are using HTTPS URL's for the POST requests. In this case, you will need to exchange the certificates and add them to the trust store.In this scenario CVP acts as a REST client.

 

How to do it, please look a the CVP documentation: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/customer_voice_portal/cvp11_0/user/guide/CCVP_BK_14998B8D_00_1101-vxml-server-guide/Two_Way_SSL_Authentication.html and review the chapter: Create One-Way Communication Between VXML and REST Server.

Marek
Web: https://gaman-gt.com, Webex Teams: chat

Hello Marek,

 

Thank you very much for your help. I will try this. I just wonder why in the Cisco dCloud environment, I didn't had to do something like this.

 

I'll let you know.

 

David

Hello Marek,


I have imported what is for me the required public certificate, but it doesn't help.
In the same time, one of my colleague told me that I have to activate TLS1.2, as it is not enabled by default on CVP 11.5

I have activated TLS 1.2 as described in section "Procedure to Enable TLS 1.2 in Interface 2" from following document.

https://www.cisco.com/c/en/us/support/docs/contact-center/unified-customer-voice-portal-1161/214541-how-to-enable-tls-1-2-on-different-inter.html#anc6

I doesn't work, I think I need ES12 according to the table. I will try this next week.

David

Hi David,

Thanks for sharing this. It is very interesting but you might be right with this TLS issue. I've never faced the problem with TLS most likely because I like to use custom CVP elements for communication with external servers.

If the logs on the CVP don't show the real cause (only the genric error) the good idea would be to capture the packet dumps on the server. They should show you what type of problem you are facing. 2 weeks ago I was struggling with similar problem with CUCM External Call Control Feature over HTTPS. In this Wireshark clearly pointed out the problem.

 

I reviewed the documents that you have shared and in my opinion, you should go with ES25 rather than ES12 as it has fixed this bug CSCvc39129

 

Marek
Web: https://gaman-gt.com, Webex Teams: chat

View solution in original post

Hello Marek,

Thanks for your reply. I have installed ES12, I have manually updated the JRE binaries to SE7 121 and I have updated the registry according the Cisco documentation. ( https://www.cisco.com/c/en/us/support/docs/contact-center/unified-customer-voice-portal-1161/214541-how-to-enable-tls-1-2-on-different-inter.html#anc6 )
Without that, CVP 11.5 doesn't support TLS 1.2 which was only supported by the server I am sending requests to.

Next time, I will upgrade to CVP 11.6, it was not possible at that time, that's why I used this way.

Thanks again for your help and to my colleague Matthias Neubacher.

David
Content for Community-Ad

Spotlight Awards 2021