05-27-2015 05:56 AM - edited 03-14-2019 02:49 PM
Hi,
We are having CVP 10.5 into our environment and we also we are having 3 CVP Call/VXML server which is running on standalone model.
Now my customer want to have NetScaler load balancer into our environment for load balancing all 3 Call/VXML server.
Also, he want to have HTTPS communication between CVP and NetScaler so for that I have given 7443 port number to my load balancer team to do necessary configuration.
They were also asking from my side to provide certificate to upload into the NetScaler load banalcer.
Please suggest how and from where, i can generate certificate on CVP server and also do i need to do any configuration on CVP server to have successful HTTPS communication between load blancer and CVP.
Also, do i need to upload any certificate on VXML Gateway?
Please suggest.
Regards,
Shambhu
05-28-2015 10:41 AM
Hi Shambhu,
To secure HTTPS between Cisco Gateways and Call Server and VXML Server to the gateway for HTTPS, import either the Call Server certificate or the VXML Server certificate on the IOS device during device configuration.
Procedure
________________________________
Step 1
Enter https://ip_address_of_callserver:8443/cvp/diag in the address bar of the web browser to access the secure Call Server or https://ip_address_of_vxmlserver:7443/CVP/Server to access the secure VXML Server.
The Security Alert dialog box appears.
Step 2
Click View Certificate.
Step 3
Select the Details tab.
Step 4
Click Copy to File.
The Certificate Export Wizard dialog appears.
Step 5
Click Base-64 encoded X.509 (.CER), and then click Next.
Step 6
Specify a file name in the File to Export dialog box, and then click Next.
Step 7
Click Finish.
A message indicates that the export was successful.
Step 8
Click OK, and close the Security Alert dialog box.
Step 9
Open the exported file in Notepad and copy the Operations Console certificate information that appears between the ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- tags to the IOS device.
Step 10
Access the IOS device in privileged EXEC mode.
For more information, see the Cisco IOS CLI documentation.
Step 11
Access global configuration mode by entering configuration terminal.
Step 12
Create and enroll a trustpoint by entering the following commands:
crypto pki trustpoint xxxx
en terminal
exit
where xxxx is a trustpoint name.
The IOS device exits conf t mode and returns to privileged EXEC mode.
Step 13
Copy the certificate exported to the Notepad to the IOS device:
a. Enter crypto pki auth <xxxx> where xxxx is the trustpoint name specified in the previous step.
b. Paste the certificate from the Notepad clipboard.
c. Enter quit.
o A message displays describing the certificate attributes.
o A confirmation prompt appears.
Step 14
Enter yes.
A message indicates that the certificate is successfully imported
05-29-2015 02:01 AM
Thanks Jitender for your response.
I already tried to generate the certificate with above steps but unfortunately its not working.
I am failing on first step itself.
When i am putting https://ip_address_of_vxmlserver:7443/CVP/Server in IE its says 'page not found'.
Please suggest.
05-04-2017 08:18 AM
Jitender, Hello.
Thanks for your response.
I was checking the step 1, and I think you should put the Operations Console Server link instead of Call Server link. Could you confirm?
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide