12-31-2013 08:02 AM - edited 03-16-2019 09:03 PM
We are running Unity Connection Server 9.1 and CUCI-Lync 8.6. I know how to configure the CUCI client to make encrypted connections to Unity, but is there a way to configure Unity Connection to ONLY accept encrypted TLS IMAP connections?
Thanks,
Chris
01-03-2014 11:57 AM
Hi
I just worked a similar TAC case and there's no real "best practice". You have the option to encrypt traffic or not, the one you already know. The clients used to connect to UC are what initiate an encrypted request, not the server. And of course, in the following doc, it indicates that the clients need to be configured to use encryption (which may be different for all kinds of clients out there) and the self-signed certificate should work just fine as long as the client has accepted the certificate and added it to its local certificate store.
An example in this scenario TAC would end up going step by step through the configuration guide to make sure everything was done, so we will want to eliminate anything covered in the documentation first.
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsag215.html
As referenced in CSCuc04100, the feature is still not yet implemented or planned. So it's still up to the customer's client configurations or infrastructure to prevent non-secure IMAP connections. There is no way currently to force it from the Unity Connection server's configuration yet.
Best regards,
Paulo Dobles
Cisco TAC Support Engineer, Unity
01-03-2014 01:23 PM
Hi Paulo,
I started reading your post and it sounded so familiar. LOL, turns out your post here was word for word in the e-mail you sent to another tech at my company that opened "the similar TAC case" you referred to.
Thanks for your reply!
Regards,
Chris
01-03-2014 01:29 PM
Ok, I see. Could you please share the procedure you used to configure the CUCI client to make encrypted connections to Unity for future reference?
Thanks
Best regards,
Paulo Dobles
01-03-2014 01:51 PM
To configure CUCI-Lync 8.5 for an encrypted connection to Unity Connection Server 9.1, make the following settings in the registry of the client computer (Win 7):
Computer\HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Client Services Framework\AdminData
"VVM_Mailstore_ImapProtocol_0"="TLS"
"VVM_Mailstore_ImapProtocol_1"="TLS"
"VVM_Mailstore_ImapPort_0"="7993"
"VVM_Mailstore_ImapPort_1"="7993"
"VVM_Mailstore_EncryptedConnection"="true"
After you have made these changes, restart Cisco UC and your connection will be encrypted.
I believe these are the same registry key changes for CUCI v9.2 as well.
As far as blocking unencrypted connections, we are looking to create ACLs on the Unity server switch port to deny TCP 143 connections as our interim solution.
Chris
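An added example, not part of the thread and not Cisco's own tooling: a PowerShell check that the five client-side values listed in the post above are present and correct, since the server will not refuse a client that falls back to unencrypted IMAP. It assumes the values are REG_SZ strings, as the post's notation suggests; the `-Fix` switch and the function name are hypothetical.

```powershell
# Audit the CUCI-Lync voicemail IMAP settings from the post above; pass -Fix to write them.
param([switch]$Fix)

$Path = 'HKCU:\Software\Policies\Cisco Systems, Inc.\Client Services Framework\AdminData'

# Expected values exactly as given in the post (assumed to be REG_SZ strings).
$Expected = [ordered]@{
    'VVM_Mailstore_ImapProtocol_0'      = 'TLS'
    'VVM_Mailstore_ImapProtocol_1'      = 'TLS'
    'VVM_Mailstore_ImapPort_0'          = '7993'
    'VVM_Mailstore_ImapPort_1'          = '7993'
    'VVM_Mailstore_EncryptedConnection' = 'true'
}

function Get-VvmImapDrift {
    # Emits one object per value that is missing or differs from $Expected.
    $current = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($current -and ($current.PSObject.Properties.Name -contains $name)) {
            $actual = [string]$current.$name
        }
        # -cne is a case-sensitive compare, so 'tls' or 'True' is reported as drift.
        if ($actual -cne $Expected[$name]) {
            [pscustomobject]@{ Name = $name; Expected = $Expected[$name]; Actual = $actual }
        }
    }
}

$drift = @(Get-VvmImapDrift)
if ($drift.Count -eq 0) {
    Write-Output 'All five values match: client is set for IMAP over TLS on port 7993.'
    exit 0
}

Write-Output 'Values missing or different from the expected settings:'
$drift | Format-Table -AutoSize | Out-String | Write-Output

if (-not $Fix) { exit 1 }   # non-zero exit lets a login script or inventory tool flag the host

# Create the policy key if it does not exist, then write each drifting value as a string.
if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
foreach ($d in $drift) {
    New-ItemProperty -LiteralPath $Path -Name $d.Name -Value $d.Expected `
        -PropertyType String -Force | Out-Null
}
Write-Output 'Values written. Restart the Cisco UC client for them to take effect.'
```

Because the key is under HKEY_CURRENT_USER, run it in the context of the user who signs in to the client, not as a different administrative account.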