08-26-2022 03:16 PM
There were some security-related changes in the Finesse HTTP configuration, starting with version 12.5.
That’s what the Cisco documents say:
Security Enhancements
In Cisco Finesse the following security changes are implemented:
• By default, Cisco Finesse Notification Service unsecure XMPP port 5222 and BOSH/WebSocket (HTTP) port 7071 are disabled. Use the CLI command utils finesse set_property webservices enableInsecureOpenfirePort true to enable these ports.
• Validation of the X.509 certificate is enforced. It is mandatory to have the following valid non-expired X.509 CA or self-signed certificates, which must be imported into the Cisco Finesse trust store.
  • Cisco Finesse node certificates are available by default. The administrator must verify the validity of the certificates, as non-expired certificates are invalid.
  • Valid non-expired Cisco Finesse primary certificate must be present on the secondary Cisco Finesse.
  • Valid non-expired Cisco Finesse secondary certificate must be present on the primary Cisco Finesse.
  • Import the CUCM certificate to both the primary and secondary Finesse nodes.
  • Import the IdS certificate to both the primary and secondary Finesse nodes.
  • Import the Customer Collaboration Platform server certificates to both the primary and secondary Finesse nodes in the Unified CCE.
  • Import the LiveData server certificates to both the primary and secondary Finesse nodes in the Unified CCE.
  • Import the Cloud Connect server certificates to both the primary and secondary Finesse nodes in the Unified CCE.
Here are the questions:
08-27-2022 04:18 AM
There's a Cisco defect that references port 5223 and 5222 in 12.5 and enabling access, but unfortunately it looks like it is only visible to Cisco right now. Based on the description though, it might contain what you're looking for, so maybe ask Cisco if they can give you more information?
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv16362
12.5(1)
Release Pending
Cisco Finesse
08-29-2022 06:43 AM
Thanks.
Sorry, but I'm not allowed to access that https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv16362 link.
If possible, could you please copy its content to this conversation thread?
08-29-2022 04:43 PM
All that Cisco shows is above, the rest is Cisco internal use only so you'd have to open a ticket and have them tell you what else it says.