Feedback

  • Contents
 

Import a certificate

Identify the location and format of your own corporate (or third-party) line certificate and line private key or a line authority certificate you wish to use on this IC server.  You do not normally need to use this dialog if you use the CIC Default line authority and CIC Default Line certificates provided with Interaction Center.  

This dialog is also used in Setup Assistant to import your own server group certificate and private key on a pair of switchover IC servers.  See the IC Setup Assistant help for more information about server group certificates.

Using your own line certificate, private key and authority certificate

If your company has already established its own root certificate authority and manages its own certificates, you can choose to use your own authority certificate, line certificate and private key for the IC server instead of the default IC-generated certificate authority and line certificates.

If you are using your own certificates, you must also specify the Type and Format information, and whether the private key is password protected.

Switchover server pair considerations

In the case where you have two IC servers in a switchover pair, certificate authority files (e.g., YourLinesAuthorityCertificate.cer) are automatically replicated to the backup switchover server as soon as both servers are running and the switchover service is enabled. This is to ensure that the same certificate authority file and public key is always resident on both servers.  The private key is not copied over the network, to avoid a potential security breach.

Each switchover server must have its own unique line certificate and private key, which are generated for each server by your root certificate authority (CA).  Once the line certificates are generated, you can manually copy the line certificates via a USB flash drive to install the line certificates on each IC server, then use the Import dialog on the Line Certificates page to import the certificates. See Transferring certificate files for a recommended secure procedure for transferring certificates via a USB flash drive.

Note: Even though it is technically possible to use the Import dialog to browse and directly import a certificate over the network, we strongly recommend against this. If the network is already compromised and a network packet sniffer is in use, the certificate and its private key could be intercepted, which defeats the purpose of enabling security on the lines.  

Name:

Enter a descriptive name for this line or authority certificate. This name appears in the Line Certificates or Authority Certificates page. It also appears on the Line Configuration page.

Certificate Path

Browse to the directory location of the certificate (e.g., YourLineCertificate.cer or YourCertificateAuthority.cer) you wish to use for this IC server.

Certificate Type

Note: This field is applicable if you are using your own line certificate/private key or certificate authority. Otherwise, use the default selection.

Select one of the following CIC-supported certificate file format storage types:

  • X.509: Standard specification for public key certificates, in either DER or PEM format.

  • PKCS 7: Contains one or more certificates in either DER or PEM format.

  • PKCS 12:  Defines a file format to store keys and certificates in either DER or PEM format.

Certificate Format

Note: This field is applicable if you are using your own line certificate/private key or certificate authority. Otherwise, use the default selection.

Select one of the following CIC-supported certificate file encoding formats:

  • DER – Binary encoding

  • PEM – Base64 encoding

Private Key Path

Browse to the directory location of the line certificate private key file (e.g., YourLinesPrivateKey.bin) you wish to use.

Private Key Format

Note: This field is applicable if you are using your own line certificate private key certificate. Otherwise, use the default selection.

Select one of the following IC-supported key file encoding formats:

  • DER – Binary encoding

  • PEM – Base64 encoding

My private key is password protected

Note: This field is applicable if you are using your own certificate/private key. Otherwise, use the default selection.

Select this check box if a password is attached to the private key file.

Password

Enter the private key password.

Transferring certificate files

When transferring a line certificate from one server to another, use the following procedure.

  1. Insert a USB flash drive in the source server, where the certificate was generated.

  2. Browse to the directory on the source server that contains the original certificate to be transferred.

  3. Copy the Line Certificate file (e.g., ICSrvOneLineCertificate.cer) and its Private Key file (e.g., ICSrvOneLinePrivateKey.bin) to the USB drive.

  4. Eject the USB drive from the source server.

  5. Insert the USB drive in the destination IC server, where you want to copy the certificate.

  6. From the SIP/TLS Line Certificates Configuration page in Interaction Administrator, click the Import… button to open the Import Certificate dialog.

  7. In the Import Certificate dialog on the destination server, browse to the locations of the certificate and private key files on the USB drive in the Certificate Path and Private Key Path fields, for example, F:\ICSrvOneLineCertificate.cer and F:\ICSrvOneLinePrivateKey.bin.  

  8. Click OK and you will see the newly generated certificate listed on the SIP/TLS Line Certificates Configuration page.

  9. Delete the certificate and private key files on the USB drive.

  10. Eject the USB drive from the destination server.

  11. Repeat this process for any additional IC servers, using a uniquely generated line certificate for each IC server.

  12. (Recommended) As an additional security procedure, re-format the USB drive:

  • Open My Computer on the desktop

  • Right-click USB Drive and select Format...

  • In the Format USB Drive dialog, select Start.