IP Office ContactStore 7.8 Page 80
15-601038 Issue 4b (06 July 2009)IP Office
These two are linked and cannot be regenerated, so it is important to back up the keystore file. If either one of these
components is lost, you must regenerate the certificate and pay again to get it signed.
9.5.4 Configuring Viewer and Archive to use HTTPS
To allow Viewer and Archive to connect to ContactStore using HTTPS, you must first create and install an customized
certificate for each recorder in your environment. See Installing a Signed SSL Certificate . You must obtain certificates
with the exact recorder names, as entered in the Capture Platform setting in Viewer.
Keep the intermediate and root certificates that you received with the signed certificate and imported into the keystore.
You will also need to import these into Viewer and Archive.
Importing the public certificates into Viewer and Archive
The following procedure describes how to import the public certificates into a windows server. This process must be
followed on both the Viewer and the Archive server. This is necessary so that Viewer and Archive can validate the cscm
server.
1.Choose Start > Run, type mmc, and then click OK. The Microsoft Management Console (MMC) window opens
2.Click File > Add Remove Snap-in.
3.In the Add/Remove Snap-in window, click Add.
4.In the Add Standalone Snap-in window, click Certificates, and then click Add.
5.Choose Computer Account (to manage the certificate store on the local computer), and then click Next. The Select
Computer window opens.
6.Choose Local Computer, and then click Finish.
Now that the snap-in is available you should import any intermediate certificate(s).
1.In the Console window under Certificates, right-click Intermediate Certificate Authorities, and then select All Tasks
> Import. The Certificate Import Wizard window opens.
2.Click Next. The File to Import window displays.
3.Click Browse
4.Browse for the intermediate certificate file, select the Files of type drop-down list X.509 Certificate (*.cer, *.crt),
and select it.
5.Click Next.
6.The Certificate Store dialog box opens.
7.Select Place all certificates in the following store, and then select the Trusted Root Certificate Authorities store click
Next.
8.Check the displayed information, and then click Finish.
Finally import the root certificate.
1.In the Console window under Certificates, right-click Intermediate Certificate Authorities, and then select All Tasks
> Import. The Certificate Import Wizard window opens.
2.Click Next. The File to Import window displays.
3.Click Browse
4.Browse for the root.cer file, select the Files of type drop-down list X.509 Certificate (*.cer, *.crt), and select it.
5.Click Next.
6.The Certificate Store dialog box opens.
7.Select Place all certificates in the following store, and then select the Trusted Root Certificate Authorities store click
Next.
8.Check the displayed information, and then click Finish.
Configure Viewer to use https and a secure port
By default Viewer will not use https or the secure port to connect to the cscm recorder, both these features need to be
enabled on Viewer. This is done using the Viewer utility EyrBSConfigurationViewer which is located in the following
directory on the Viewer server, note by default Viewer uses http and once https is enabled will default to use port 50150.
78