Jump to: navigation, search

Configuring System Security

Genesys Pulse has features that enhance your system security. This section discusses Genesys Pulse security features and describes how to configure them.

TLS: Configuring the Genesys Pulse Database

You must configure your Oracle, Microsoft SQL, or PostgreSQL server to use TLS. In addition to the appropriate procedure below, refer to the documentation that came with your database for information on how to use TLS security.

Oracle

  1. Set up the Genesys Pulse database (for Oracle).
  2. Configure Oracle as described in the related database guides, and configure a TCPS listener. See Management Framework documentation for more information.
  3. Configure the jdbc_url option in the [pulse] section of your Genesys Pulse DAP application object:
    jdbc_url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<Database host>)(PORT=<Database port>))(CONNECT_DATA=(SERVICE_NAME=<Database Service name>)))

SSL connection using TLS v1.2
JDK 7 and JDK 8 releases support TLS v1.2 protocol. Other protocols, such as TLS v1.1, TLS v1, SSL v3, and SSL v2 have security vulnerabilities. Genesys recommends to use the latest standard TLS v1.2 version and use more secure SSL cipher suites.

The correct JDBC Thin driver is required in order to use TLS v1.2.

Important
If you are using the ojdbc8.jar from 12.2.0.1 version then you are all set.
If you are using the 12.1.0.2 JDBC driver, you need to either download the 12.1.0.2 patched driver or apply the patch (that allows TLS v1.2) for the bug 19030178. The patch allows TLS v1.2 but does not enable it by default. So, you must set the oracle.net.ssl_version=1.2 property. This property can be set either as the system property (using -D) or through the datasource properties.


MS SQL

  1. Set up the Genesys Pulse database (for MS SQL).
  2. Configure Microsoft SQL Server as described in the related database guides. See Management Framework documentation for more information.
  3. Configure the jdbc_url option in the [pulse] section of your Genesys Pulse DAP application object:
    jdbc_url=jdbc:sqlserver://<Database host>:<Database port>;databaseName=<Database name>;encrypt=true;trustServerCertificate=false

PostgreSQL

  1. Set up the Genesys Pulse database (for PostgreSQL).
  2. Configure PostgreSQL as described in the related database guides. See Management Framework documentation for more information.
  3. Configure the jdbc_url option in the [pulse] section of your Genesys Pulse DAP application object:
    jdbc_url=jdbc:postgresql://<Database host>:<Database port>/<Database name>?ssl=true&sslcert=<path to certificate>&sslkey=<path to key>&sslrootcert=<path to root cerificate>&sslmode=verify-full
Important
The certificate key must be in the pkcs8 format. You can use the openssl utility to convert the key:
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in <server.key> -out <server-key.pk8>
This page was last modified on February 26, 2019, at 07:26.

Feedback

Comment on this article:

blog comments powered by Disqus