Start SIP Feature Server

To start and verify SIP Feature Server:

Warning
Do not start Feature Server until you have checked that the configuration options are correct in the defined Cluster and Cassandra sections, specifically replicationStrategyClassName and replicationOptions. See Cassandra options.
If replicationStrategyClassName is set to NetworkTopologyStrategy, ensure that Cassandra.yaml has endpoint_snitch: PropertyFileSnitch and that the resources/cassandra-topology.properties file has accurate entries describing the Feature Server Cassandra ring topology.
  1. To run Feature Server in secure (https) mode:
    • Configure your https settings as described in the sections below.
    • In the IVR Profile, set initial-page-url = https://<Feature Server IP address or host name>:8443/fs
  2. Use Genesys Administrator, not the command line, to start SIP Feature Server. If you are running more than one Feature Server, start the Master first.
  3. In Genesys Administrator, verify that the Feature Server is running.
  4. Verify that the GAX interface is running by logging in as the Default administrator (in other words, the Default user in Configuration Server):
    <GAX IP address>:<port>/gax
  5. At this point, only the Default administrator can log into the Feature Server GAX interface. To enable other users to log in as administrators, assign the Administrator role to them.

TLS configuration

The minimum Java versions required to support TLS in SIP Feature Server are:

  • Java 6 Update 120 or later
  • Java 7 Update 95 or later
  • Java 8
  • Java 11

By default, SIP Feature Server uses only TLSv1.3; other protocols are disabled. SSL/TLS configuration changes made directly in Java affect SIP Feature Server and override its own configuration.

In the command section of the launcher.xml file, configure:

  • Parameter name = com.genesyslab.voicemail.application.encryption
  • Value = true
  • Parameter name = jdk.tls.client.protocols
  • Value = TLSv1.3

In the jetty-ssl-context.xml file, add the following to specify the TLS protocols used for SIP Feature Server connections.

<Set name="IncludeProtocols">
  <Array type="java.lang.String">
    <Item>TLSv1.2</Item>
  </Array>
</Set>
<Set name="ExcludeProtocols">
  <Array type="java.lang.String"> 
    <Item>TLSv1.1</Item>
    <Item>SSLv3</Item>
  </Array>
</Set>
Important
When TLS is enabled in SIP Feature Server, configure the SIP Feature Server host certificates in the GAX truststore.

Jetty 9 configuration

This section describes configuring Jetty version 9.

HTTP configuration

In the command section of the launcher.xml file, configure:
parameter name=http_port
default value=jetty.port=8080

HTTPS configuration

This section provides information on HTTPS configuration.

Configuration of start.ini

Remove the '#' symbol in the start.ini file to enable the following HTTPS and SSL parameters:

  • Enable HTTPS module
    --module=https
  • Configure https port
    https.port=8443
  • Configure HTTPS idle timeout
    https.timeout=30000
  • Enable SSL module
    --module=ssl

Truststore and keystore configuration paths

Jetty 9 defines the main configuration rules for truststore and keystore paths in the jetty-ssl-context.xml file. By default, the paths are relative to <FS Installation directory>. The default values of the truststore and keystore path parameters in jetty-ssl-context.xml are as follows:

  • <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>

You can define absolute paths in start.ini by using the "jetty.keystore" and "jetty.truststore" variables. In this case, the jetty-ssl-context.xml file must be modified as follows:

  • <Set name="KeyStorePath"><Property name="jetty.keystore"/></Set>
  • <Set name="TrustStorePath"><Property name="jetty.truststore"/></Set>
Important
The keystore file must not be removed from the <FS Installation directory>/etc/ folder.

The following keystore and truststore settings in the start.ini file override the configuration in the jetty-ssl-context.xml file.

  • Set up the path to the keystore (relative to <FS Installation directory> by default):
    jetty.keystore=etc/keystore
  • Set up the path to the truststore (relative to <FS Installation directory> by default):
    jetty.truststore=etc/keystore
  • Set the obfuscated passwords for the keystore (for more details, see the Generate obfuscated passwords topic in this section):
    jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
    jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
    jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
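
An added example, not from the Genesys documentation: a Python check that a start.ini has the HTTPS and SSL lines listed above uncommented, and that the keystore passwords are obfuscated and are not the sample values printed on this page. The function names and the sample file contents are constructed for illustration.

```python
# OBF values printed as samples on this page; a deployment should not reuse them.
PAGE_SAMPLE_VALUES = {"OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4",
                      "OBF:1u2u1wml1z7s1z7a1wnl1u2g"}
REQUIRED = ("--module=https", "--module=ssl", "https.port")
PASSWORD_KEYS = ("jetty.keystore.password", "jetty.keymanager.password",
                 "jetty.truststore.password")

def parse_start_ini(text):
    """Split start.ini into active and '#'-commented settings."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line, target = raw.strip(), active
        if line.startswith("#"):
            line, target = line.lstrip("#").strip(), commented
        if line.startswith("--module="):
            target[line] = ""  # module switches are keyed by the whole line
        elif "=" in line:
            key, value = line.split("=", 1)
            target[key.strip()] = value.strip()
    return active, commented

def audit_start_ini(text):
    active, commented = parse_start_ini(text)
    findings = []
    for key in REQUIRED:
        if key not in active:
            state = "still commented out" if key in commented else "missing"
            findings.append(f"{key}: {state}")
    for key in PASSWORD_KEYS:
        value = active.get(key)
        if value is None:
            continue
        if not value.startswith("OBF:"):
            findings.append(f"{key}: not obfuscated")
        elif value in PAGE_SAMPLE_VALUES:
            findings.append(f"{key}: reuses a sample value from the documentation")
    return findings

# Constructed sample: ssl module left commented, one sample and one plain password.
SAMPLE_START_INI = """\
--module=https
https.port=8443
# --module=ssl
jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.keymanager.password=constructed-plain-value
"""

if __name__ == "__main__":
    print("\n".join(audit_start_ini(SAMPLE_START_INI)))
```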

Protecting Feature Server from POODLE attacks

To protect Feature Server from POODLE attacks, disable SSLv3 in Feature Server by adding the following to the Configure section of the <FS Installation directory>/etc/jetty-ssl.xml file.
<Set name="ExcludeProtocols">
  <Array type="java.lang.String">
    <Item>SSLv3</Item>
  </Array>
</Set>
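
As an added example (not part of the Genesys documentation or product), the following Python script checks a Jetty SSL XML file against the protocol settings from the TLS configuration and POODLE sections above and reports which legacy protocols would still be negotiable. It assumes that excludes take precedence over includes, reads only <Set> elements of the form shown on this page, and uses an assumed candidate protocol list; the function names and the <Configure> wrappers are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed candidate list: protocol names a JVM may offer, oldest first.
CANDIDATES = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def protocol_lists(xml_text):
    """Return the (include, exclude) protocol sets found in a Jetty XML file."""
    found = {"includeprotocols": set(), "excludeprotocols": set()}
    for node in ET.fromstring(xml_text).iter("Set"):
        key = node.get("name", "").lower()
        if key in found:
            found[key] |= {i.text.strip() for i in node.iter("Item") if i.text}
    return found["includeprotocols"], found["excludeprotocols"]

def effective_protocols(include, exclude, candidates=CANDIDATES):
    """Includes narrow the candidate list, then excludes are removed from it."""
    kept = [p for p in candidates if not include or p in include]
    return [p for p in kept if p not in exclude]

def audit(xml_text):
    include, exclude = protocol_lists(xml_text)
    findings = []
    if "SSLv3" not in exclude:
        findings.append("SSLv3 is not in ExcludeProtocols")
    for proto in effective_protocols(include, exclude):
        if proto in LEGACY:
            findings.append(f"{proto} is still negotiable")
    return findings

# Constructed wrappers around the two snippets shown on this page.
PAGE_TLS_CONFIG = """<Configure>
<Set name="IncludeProtocols"><Array type="java.lang.String">
  <Item>TLSv1.2</Item></Array></Set>
<Set name="ExcludeProtocols"><Array type="java.lang.String">
  <Item>TLSv1.1</Item><Item>SSLv3</Item></Array></Set>
</Configure>"""
POODLE_ONLY = """<Configure>
<Set name="ExcludeProtocols"><Array type="java.lang.String">
  <Item>SSLv3</Item></Array></Set>
</Configure>"""

if __name__ == "__main__":
    for name, xml in (("TLS section", PAGE_TLS_CONFIG), ("POODLE only", POODLE_ONLY)):
        print(name, audit(xml) or "no findings")
```

With only the POODLE exclusion in place and no IncludeProtocols list, the audit still reports TLSv1 and TLSv1.1, which is why the TLS configuration section pairs the exclusion with an explicit include list.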

Generate obfuscated passwords

  1. Navigate to <FS Installation directory> in a Linux shell or Windows Command Prompt.
  2. Run the following command to obfuscate your passwords with Jetty's password utility:
    java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar org.eclipse.jetty.util.security.Password your_Password
  • Where -xxx signifies the version of Jetty that you have installed.
  • On Linux, use a colon (:) instead of a semi-colon (;) to separate the two JAR names.
  • For example:
     {FS Installation directory}>java -cp lib/jetty-http-9.2.10.v20150310.jar;lib/jetty-util-9.2.10.v20150310.jar org.eclipse.jetty.util.security.Password 123456
     123456
     OBF:19iy19j019j219j419j619j8
     MD5:e10adc3949ba59abbe56e057f20f883e

Configuration of jetty-ssl.xml

For the HTTPS connection to use the configured port, enable the following configuration in the jetty-ssl.xml file:

<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="8443" /></Set>

Jetty 7 configuration

This section describes configuring Jetty version 7.

HTTP configuration

In the Options section of the launcher.xml file, configure:
parameter name=http_port
default value= 8080

HTTPS configuration

This section provides information on HTTPS configuration.

Remove the '#' symbol in the start.ini file to enable HTTPS in Jetty 7:
etc/jetty-ssl.xml

The default value of the https port in the jetty-ssl.xml file:
<Set name="Port">8443</Set>

SSL configuration

Jetty 7 defines the main configuration rules for SSL parameters in the jetty-ssl.xml file. The default values of the SSL parameters in jetty-ssl.xml are as follows:

  • <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
  • <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
  • <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
  • <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
  • <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>

External links for configuring certificates in Jetty

This page was last edited on August 4, 2023, at 07:06.