Jump to: navigation, search

Using TLS with UCS

UsersGuide.png Purpose: To set up UCS to use TLS.

Overview

This page describes setting up UCS to use TLS for secure connections. The procedure can also be used with E-mail Server, a component of Genesys eServices. For clients of UCS, see Using TLS with UCS Clients. This page refers to keytool, which is a key and certificate management utility included in JDK or JRE installations. For instance, when you install Java Environment and Libraries for eServices and UCS, keytool is placed in the \jre\bin directory.

Procedure

  1. Generate a certificate, in any of the following ways:
    • Use Windows Certificate Services, as described in the "Certificate Generation and Installation" chapter of the Genesys Security Guide.
    • Use keytool with the—genkey parameter; for example:
    keytool -genkey -v -alias hostname.example.com 
-dname "CN=hostname.example.com,OU=IT,O=ourcompany,C=FR" -keypass theKeyPassword 
-keystore certificate.jks -storepass theKeystorePassword -keyalg "RSA" -sigalg "SHA1withRSA" 
-keysize 2048 -validity 3650
    • Use any other tool, such as openSSL.
  2. In the Genesys configuration environment, assign the certificate to the Host on which UCS is running, as described in the "Genesys TLS Configuration" chapter of the Genesys Security Guide.
  3. If you generated a Windows certificate, you must use Microsoft Management Console to make the certificate usable by UCS.
  4. Locate the certificate and copy it to a selected location on UCS’s host.
  5. Set configuration options in your UCS Application object.
    • Prior to release 8.1.0, add the following options to the cview section. See the Configuration Options page for full descriptions.
      • keyPassword, keystorePassword, keystorePath, keystoreType
        • If you used keystore, set values for these options according to the values used in the command line (as in the example in Step 1).
        • If you used Microsoft Management Console, keystoreType must be PCKS12, and keystorePassword and keyPassword must both be equal to the password that you defined in the export procedure.
      • port-https—Choose a value that is appropriate for your environment. You can also configure the port-http option, but it is not required.

    This screenshot shows a pre-8.1.0 UCS configured to listen on both HTTP and HTTPS ports. OptionsHTTPS2.jpg

Next Steps

Optionally, configure the clients of UCS to use TLS, as described on the Using TLS with UCS Clients page.

This page was last edited on July 17, 2020, at 15:52.
Comments or questions about this documentation? Contact us for support!