Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9286
Views
5
Helpful
20
Replies

Cisco Cube and Genesys CX - Setup TLS connection

MiB
Level 1
Level 1

‎01-13-2023 12:13 AM

Hi all,

I'm trying to configure a trunk between my Cisco CUBES(ISR4431) to Genesys Cloud for a new implementation

Has anybody made this challange ?

It works with SIP/RTP and SIP/SRTP but when i switch to SIP with TLS it fails.

TLS Handshake between Cube an Genesys is completed and cube sents a invite to Genesys but no response to this, TLS Connection will be closed from Genesys side. Otherwise, call from Genesys cloud, i can see TLS Handshake in pcap at my cube but i dont get data from there after tls is completed.

Unfortunately, the genesys colleagues have almost no information and access to the system as it is a cloud service.

(Their service partner looks like they don't have a clue either)

 

I run 17.06.03a on cube, TLS to CUCM works fine

may someone has implemented this successfully

Thanks

 

 

 

1 person had this problem
Labels:
0 Helpful
20 Replies 20

Hermanus Janse van Vuuren
Level 5
Level 5
In response to MiB

‎03-04-2025 10:58 AM

no worries, thank you, thought it might need some special setup like MS teams. Will figure it out as I go a long, have had a connection to genesys on-prem edges so could be the same setup then just pointing to the cloud.

Best Regards
0 Helpful

alisha_rascon01
Level 1
Level 1

‎12-27-2023 10:09 PM - edited ‎01-12-2024 09:45 PM

Setting up a TLS (Transport Layer Security) connection between Cisco Cube and Genesys CX involves configuring both systems to use secure communication. Here's a general guide on how you can achieve this:

Cisco Cube TLS Configuration:

1. Generate Certificates:

- Obtain or generate X.509 certificates for the Cisco Cube. You may use a certificate authority (CA) to sign these certificates.

2. Upload Certificates to Cisco Cube:

- Upload the generated certificates (public and private key) to the Cisco Cube.

- Use the following commands on the Cisco Cube:

voice service voip
tls srtp
certificate <certificate_name> [password <password>]

3. Configure SIP TLS on Cisco Cube:

- Enable SIP TLS on the Cisco Cube using the following commands:

voice service voip
sip
bind control source-interface <interface_name>
tls bind source-interface <interface_name>

4. Define SIP Profile:

- Define a SIP profile that uses TLS. Example:

voice class sip-profiles 1

request ANY sip-header Via modify "<sip_profile_name>"

5. Apply SIP Profile:

- Apply the SIP profile to your voice service configuration:

voice service voip

sip

sip-profiles 1

csrlima
Level 3
Level 3
In response to alisha_rascon01

‎10-15-2025 02:26 AM

Hi, very usefull information , but i still have doubts about certificates:
Is not enought to use/download certififcates from Genesys Webpage and install it in Cisco Cube? We need also to generate certificates from cube side and sign it by a public CA , is that correct? Can you detail better the process to know what i have to buy/ask as requirements more for this integration? IP public adress , certificate public, domain , fqdn , a record,...
Thanks in advance

 

 

 
0 Helpful

Hermanus Janse van Vuuren
Level 5
Level 5
In response to csrlima

‎10-15-2025 07:37 PM

Correct you need to download the Root certificate from Genesys site and upload that on the Cube a s a trusted root certificate.

You also need to generate a CSR with the CUBE's FQDN and get that signed by the public CA.

This FQDN needs to have a DNS record reachable from the internet, either direct or via a NAT from a Firewall for some extra security which is advisable.

Genesys talks back to the Public IP/FQDN and cube talks to Genesys DNS record and you need to have both the genesys root certificate loaded on CUBE plus a trusted signed public CA certificate on the Cube for the bi directional trust for the TLS connection. We have found that if you only have a signed certificate on the CUBE traffic towards genesys will work for example inbound calls, but outbound calls will fail, you need the genesys root certificate on the cube to allow outbound calls from genesys to pstn.

I have successfully configured both MS Teams and Genesys SIP TLS connections on a C8000 Cube and it really work well.

Best Regards
0 Helpful

Roger Kallberg
VIP
VIP
In response to csrlima

‎10-15-2025 09:45 PM

For the certificate part in your router acting as an SBC you can reference this document that I wrote recently. How to handle certificates on Cisco routers 



Response Signature


eljose_lol
Level 1
Level 1

‎03-11-2024 03:44 PM

Hello MIB, Trying to set up TLS between CUBE and Genesys, could you please sharing the configuration that you used in CUBE ? 

0 Helpful
Customers Also Viewed These Support Documents