decrypting UCCX traffic with Firepower

tato386
Level 6

Hello,

I need to get the private key of the tomcat cert that is installed on my UCCX for this.  From my research it seems that it is not feasible or even possible to extract it from the OS but it seems like I should be able to create a cert and key with OpenSSL and then import the files into the OS.  So now I have a public CA signed cert and the private key for this cert but cannot find a way to import it.

I have tried both GUI and CLI.  I have tried with standard and passwordless PKCS12.  I have tried with un-encrypted key in PEM file.  Nothing seems to work.  Has anybody had success in doing this?  Would TAC be able to help me?

Thanks,

5 Replies

What is your use case for decrypting UCCX traffic in Firepower?

Traditionally we have not exposed the Finesse desktop interface to the Internet, but this has caused a mish-mash of access methods.  We have some users that use RDP to access from an inside machine, others that VPN in, and we have also kept a static list of public IPs allowed through the firewall.  We feel that by making sure we keep abreast of patches and using all the security features available on the FTD platform we will mitigate the risk to an acceptable level and allow users to just hit the Finesse URL directly from the Internet.

In general it is a quite bad idea to allow access to your contact centre system from the internet. I would recommend you not to do that. Agents who are located off the corporate premises should use some sort of VPN service to access their agent front end.

On your question, on a CVOS system you cannot access the private key of the certificate, nor can you create the certificate off system and upload it to the system. TAC will not help you with getting the private key.

I strongly agree with @Roger Kallberg on this. Finesse is not sufficiently hardened for it to be accessible directly from the internet. That is a very risky idea.

tato386
Level 6

Thanks for the advice.  We will certainly keep your recommendations in mind.