Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3429
Views
10
Helpful
5
Replies

Cisco CVP Rest Client Handshake Exception

Go to solution
david_legrand
Level 4
Level 4

‎03-02-2020 03:54 AM

Hello,

 

I have developed a CVP script that uses Rest_Client step to collect information from a third party tool.

This scripts starts with a POST request to get a token.

This scripts runs like a charm on PCCE dcloud 12.0

 

When deploying this application on my on Prem platform, running CVP 11.5, I face the following error :

 

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

Do you think this can be caused by Firewall / Network issue, by an error on the CVP components or by my CVP application itself ?

 

Thanks in advance for your help

 

David

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marek (gaman-gt.com)
Level 3
Level 3
In response to david_legrand

‎03-20-2020 10:28 PM

Hi David,

Thanks for sharing this. It is very interesting but you might be right with this TLS issue. I've never faced the problem with TLS most likely because I like to use custom CVP elements for communication with external servers.

If the logs on the CVP don't show the real cause (only the genric error) the good idea would be to capture the packet dumps on the server. They should show you what type of problem you are facing. 2 weeks ago I was struggling with similar problem with CUCM External Call Control Feature over HTTPS. In this Wireshark clearly pointed out the problem.

 

I reviewed the documents that you have shared and in my opinion, you should go with ES25 rather than ES12 as it has fixed this bug CSCvc39129

 

Marek
Web: https://gaman-gt.com

View solution in original post

5 Replies 5

Go to solution
Marek (gaman-gt.com)
Level 3
Level 3

‎03-02-2020 10:04 PM

Hi David,

In my opinion, javax.net.ssl.SSLHandshakeException indicates that there is a problem with certificates in your environment. Probably you are using HTTPS URL's for the POST requests. In this case, you will need to exchange the certificates and add them to the trust store.In this scenario CVP acts as a REST client.

 

How to do it, please look a the CVP documentation: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/customer_voice_portal/cvp11_0/user/guide/CCVP_BK_14998B8D_00_1101-vxml-server-guide/Two_Way_SSL_Authentication.html and review the chapter: Create One-Way Communication Between VXML and REST Server.

Marek
Web: https://gaman-gt.com
0 Helpful

Go to solution
david_legrand
Level 4
Level 4
In response to Marek (gaman-gt.com)

‎03-04-2020 09:06 AM

Hello Marek,

 

Thank you very much for your help. I will try this. I just wonder why in the Cisco dCloud environment, I didn't had to do something like this.

 

I'll let you know.

 

David

0 Helpful

Go to solution
david_legrand
Level 4
Level 4
In response to Marek (gaman-gt.com)

‎03-20-2020 04:44 PM

Hello Marek,


I have imported what is for me the required public certificate, but it doesn't help.
In the same time, one of my colleague told me that I have to activate TLS1.2, as it is not enabled by default on CVP 11.5

I have activated TLS 1.2 as described in section "Procedure to Enable TLS 1.2 in Interface 2" from following document.

https://www.cisco.com/c/en/us/support/docs/contact-center/unified-customer-voice-portal-1161/214541-how-to-enable-tls-1-2-on-different-inter.html#anc6

I doesn't work, I think I need ES12 according to the table. I will try this next week.

David
0 Helpful

Go to solution
Marek (gaman-gt.com)
Level 3
Level 3
In response to david_legrand

‎03-20-2020 10:28 PM

Hi David,

Thanks for sharing this. It is very interesting but you might be right with this TLS issue. I've never faced the problem with TLS most likely because I like to use custom CVP elements for communication with external servers.

If the logs on the CVP don't show the real cause (only the genric error) the good idea would be to capture the packet dumps on the server. They should show you what type of problem you are facing. 2 weeks ago I was struggling with similar problem with CUCM External Call Control Feature over HTTPS. In this Wireshark clearly pointed out the problem.

 

I reviewed the documents that you have shared and in my opinion, you should go with ES25 rather than ES12 as it has fixed this bug CSCvc39129

 

Marek
Web: https://gaman-gt.com

Go to solution
david_legrand
Level 4
Level 4
In response to Marek (gaman-gt.com)

‎03-24-2020 04:31 AM

Hello Marek,

Thanks for your reply. I have installed ES12, I have manually updated the JRE binaries to SE7 121 and I have updated the registry according the Cisco documentation. ( https://www.cisco.com/c/en/us/support/docs/contact-center/unified-customer-voice-portal-1161/214541-how-to-enable-tls-1-2-on-different-inter.html#anc6 )
Without that, CVP 11.5 doesn't support TLS 1.2 which was only supported by the server I am sending requests to.

Next time, I will upgrade to CVP 11.6, it was not possible at that time, that's why I used this way.

Thanks again for your help and to my colleague Matthias Neubacher.

David
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents