Hi Shambhu, To secure HTTPS

shambhuchaursiya · ‎05-27-2015

Hi,

We are having CVP 10.5 into our environment and we also we are having 3 CVP Call/VXML server which is running on standalone model.

Now my customer want to have NetScaler load balancer into our environment for load balancing all 3 Call/VXML server.

Also, he want to have HTTPS communication between CVP and NetScaler so for that I have given 7443 port number to my load balancer team to do necessary configuration.

They were also asking from my side to provide certificate to upload into the NetScaler load banalcer.

Please suggest how and from where, i can generate certificate on CVP server and also do i need to do any configuration on CVP server to have successful HTTPS communication between load blancer and CVP.

Also, do i need to upload any certificate on VXML Gateway?

Please suggest.

Regards,

Shambhu

Jitender Bhandari · ‎05-28-2015

Hi Shambhu,

To secure HTTPS between Cisco Gateways and Call Server and VXML Server to the gateway for HTTPS, import either the Call Server certificate or the VXML Server certificate on the IOS device during device configuration.
Procedure
________________________________
Step 1

Enter https://ip_address_of_callserver:8443/cvp/diag in the address bar of the web browser to access the secure Call Server or https://ip_address_of_vxmlserver:7443/CVP/Server to access the secure VXML Server.
The Security Alert dialog box appears.

Step 2

Click View Certificate.

Step 3

Select the Details tab.

Step 4

Click Copy to File.
The Certificate Export Wizard dialog appears.

Step 5

Click Base-64 encoded X.509 (.CER), and then click Next.

Step 6

Specify a file name in the File to Export dialog box, and then click Next.

Step 7

Click Finish.
A message indicates that the export was successful.

Step 8

Click OK, and close the Security Alert dialog box.

Step 9

Open the exported file in Notepad and copy the Operations Console certificate information that appears between the ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- tags to the IOS device.

Step 10

Access the IOS device in privileged EXEC mode.
For more information, see the Cisco IOS CLI documentation.

Step 11

Access global configuration mode by entering configuration terminal.

Step 12

Create and enroll a trustpoint by entering the following commands:
                                    crypto pki trustpoint xxxx
                                    en terminal
                                    exit

where xxxx is a trustpoint name.
The IOS device exits conf t mode and returns to privileged EXEC mode.

Step 13

Copy the certificate exported to the Notepad to the IOS device:
a.     Enter crypto pki auth <xxxx> where xxxx is the trustpoint name specified in the previous step.
b.     Paste the certificate from the Notepad clipboard.
c.     Enter quit.
o    A message displays describing the certificate attributes.
o    A confirmation prompt appears.

Step 14

Enter yes.
A message indicates that the certificate is successfully imported

shambhuchaursiya · ‎05-29-2015

Thanks Jitender for your response.

I already tried to generate the certificate with above steps but unfortunately its not working.

I am failing on first step itself.

When i am putting https://ip_address_of_vxmlserver:7443/CVP/Server in IE its says 'page not found'.

Please suggest.

LCMC · ‎05-04-2017

Jitender, Hello.

Thanks for your response.

I was checking the step 1, and I think you should put the Operations Console Server link instead of Call Server link. Could you confirm?

Regards.

Luis Coiro

Process to Generate Certificate on CVP Call/VXML Server