Start SIP Feature Server

To start and verify SIP Feature Server:

Warning
Do not start Feature Server until you have checked that the configuration options are correct in the defined Cluster and Cassandra sections, specifically replicationStrategyClassName and replicationOptions. See Cassandra options.
Ensure that Cassandra.yaml has endpoint_snitch: PropertyFileSnitch if replicationStrategyClassName is set to NetworkTopologyStrategy, and that the resources/cassandra-topology.properties file has accurate entries describing the Feature Server Cassandra ring topology.
  1. To run Feature Server in secure (https) mode:
    • Configure your https settings as described in the sections below.
    • In the IVR Profile, set initial-page-url = https://<Feature Server IP address or host name>:8443/fs
  2. Use Genesys Administrator, not the command line, to start SIP Feature Server. If you are running more than one Feature Server, start the Master first.
  3. In Genesys Administrator, verify that the Feature Server is running.
  4. Verify that the GAX interface is running by logging in as the Default administrator (in other words, the Default user in Configuration Server):
    <GAX IP address>:<port>/gax
  5. At this point, only the Default administrator can log into the Feature Server GAX interface. To enable other users to log in as administrators, assign the Administrator role to them.

Jetty 9 configuration

This section describes configuring Jetty version 9.

HTTP configuration

In the command section of the launcher.xml file, configure:
parameter name=http_port
default value=jetty.port=8080

HTTPS configuration

This section provides information on HTTPS configuration.

Configuration of start.ini

In the start.ini file, remove the '#' symbol from the following lines to enable the HTTPS and SSL parameters:

  • Enable HTTPS module
    --module=https
  • Configure https port
    https.port=8443
  • Configure HTTPS idle timeout
    https.timeout=30000
  • Enable SSL module
    --module=ssl

Truststore and keystore configuration paths

Jetty 9 defines the main configuration rules for the truststore and keystore paths in the jetty-ssl.xml file. By default, it defines each path as relative to <FS Installation directory>. The default values of the truststore and keystore path parameters in jetty-ssl.xml are as follows:

  • <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>

You can define absolute paths in start.ini by using the "jetty.keystore" and "jetty.truststore" variables. In this case, the jetty-ssl.xml file must be modified as follows:

  • <Set name="KeyStorePath"><Property name="jetty.keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.truststore"/></Set>
Important
The keystore file must not be removed from the <FS Installation directory>/etc/ folder.

The following keystore and truststore settings in the start.ini file override the configuration in the jetty-ssl.xml file.

  • Set the path to the keystore (relative to <FS Installation directory> by default):
    jetty.keystore=etc/keystore
  • Set the path to the truststore (relative to <FS Installation directory> by default):
    jetty.truststore=etc/keystore
  • Set the obfuscated passwords for the keystore (for more details, see the Generate obfuscated passwords topic in this section):
    jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
    jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
    jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4

Protecting Feature Server from POODLE attacks

To protect Feature Server from POODLE attacks, disable SSLv3 in Feature Server by adding the following to the Configure section of the <FS Installation directory>/etc/jetty-ssl.xml file.
<Set name="ExcludeProtocols"> <Array type="java.lang.String"><Item>SSLv3</Item> </Array> </Set>
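
A configuration check for the start.ini and jetty-ssl.xml settings described above, as an added example that is not part of the original page or of Genesys or Jetty code. It reports disabled HTTPS/SSL modules, keystore passwords that are missing from start.ini, not in OBF: form, or still equal to the obfuscated values printed on this page, and whether SSLv3 is excluded; the function names and sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Obfuscated values this page shows in its start.ini and jetty-ssl.xml listings.
PAGE_VALUES = {"OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4", "OBF:1u2u1wml1z7s1z7a1wnl1u2g"}
PASSWORD_KEYS = [f"jetty.{k}.password" for k in ("keystore", "keymanager", "truststore")]

def audit_start_ini(text):
    """Return a list of findings for the HTTPS lines of a Jetty 9 start.ini."""
    active = [s for s in map(str.strip, text.splitlines()) if s and not s.startswith("#")]
    props = dict(s.split("=", 1) for s in active
                 if "=" in s and not s.startswith("--"))
    findings = [f"module {m} is not enabled" for m in ("https", "ssl")
                if f"--module={m}" not in active]
    for key in PASSWORD_KEYS:
        value = props.get(key)
        if value is None:
            findings.append(f"{key} not set here; jetty-ssl.xml value applies")
        elif value in PAGE_VALUES:
            findings.append(f"{key} still uses a value published on this page")
        elif not value.startswith("OBF:"):
            findings.append(f"{key} is not in OBF: form")
    return findings

def sslv3_excluded(xml_text):
    """True if jetty-ssl.xml lists SSLv3 under ExcludeProtocols."""
    for node in ET.fromstring(xml_text).iter("Set"):
        if node.get("name") == "ExcludeProtocols":
            return any((i.text or "").strip() == "SSLv3" for i in node.iter("Item"))
    return False

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_INI = """\
--module=https
https.port=8443
#--module=ssl
jetty.keystore=etc/keystore
jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.keymanager.password=example-clear-text
"""
SAMPLE_XML = """<Configure id="sslContextFactory">
  <Set name="ExcludeProtocols">
    <Array type="java.lang.String"><Item>SSLv3</Item></Array>
  </Set>
</Configure>"""

if __name__ == "__main__":
    for finding in audit_start_ini(SAMPLE_INI):
        print("start.ini:", finding)
    print("SSLv3 excluded:", sslv3_excluded(SAMPLE_XML))
```

Jetty's OBF: encoding is reversible obfuscation rather than encryption, so file permissions on start.ini, jetty-ssl.xml and the keystore remain the actual control.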

Generate obfuscated passwords

  1. Navigate to <FS Installation directory> in Linux Shell or Windows Command prompt.
  2. Run Jetty's password utility to obfuscate your passwords:
    java -cp lib/jetty-util-xxx.jar org.eclipse.jetty.util.security.Password your_Password
  • Where -xxx signifies the version of Jetty that you have installed.
  • For example:
     java -cp lib/jetty-util-9.2.10.v20150310.jar org.eclipse.jetty.util.security.Password 123456
     OBF:19iy19j019j219j419j619j8
     MD5:e10adc3949ba59abbe56e057f20f883e  123456

    Important
    It is recommended to use Java 8 and above for configuring HTTPS in Jetty 9.

Jetty 7 configuration

This section describes configuring Jetty version 7.

HTTP configuration

In the Options section of the launcher.xml file, configure:
parameter name=http_port
default value= 8080

HTTPS configuration

This section provides information on HTTPS configuration.

In the start.ini file, remove the '#' symbol from the following line to enable HTTPS in Jetty 7:
etc/jetty-ssl.xml

The default value of the HTTPS port in the jetty-ssl.xml file:
<Set name="Port">8443</Set>

Generate obfuscated passwords

  1. Navigate to <FS Installation directory> in Linux Shell or Windows Command prompt.
  2. Run Jetty's password utility to obfuscate your passwords:
    java -cp lib/jetty-util-xxx.jar org.eclipse.jetty.util.security.Password your_Password
  • Where -xxx signifies the version of Jetty that you have installed.
  • For example:
     java -cp lib/jetty-util-7.6.0.v20120127.jar org.eclipse.jetty.util.security.Password 123456
     OBF:19iy19j019j219j419j619j8
     MD5:e10adc3949ba59abbe56e057f20f883e

SSL configuration

Jetty 7 defines the main configuration rules for SSL parameters in the jetty-ssl.xml file. The default values of the SSL parameters in jetty-ssl.xml are as follows:

  • <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
  • <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
  • <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
  • <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
  • <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>


External links for configuring certificates in Jetty

This page was last modified on May 17, 2018, at 06:50.