Server Certificate Configuration

Certificates signed from Trusted Certified Authority are required to run Voice Server applications in Secure mode. The servers exchange these certificates with clients during a TLS handshake while establishing secure connections. Currently, the Message Server and IIS on the machine hosting Ivanti Voice need these certificates to run in a secure mode.

This certificate is not same as the cloud certificate used for the tenant in case of SaaS integration. A separate SSL certificate signed by Certified Authority needs to be purchased (if already not available) for the domain to host Voice Server in Secure mode.

Converting Certificate to PEM format using openssl

To convert a PFX file to separate public and private key PEM files (Used by message server to host websocket connection for Voice toolbar in SaaS Integration (Ivanti Service Manager):

Extracts the private key from a PFX to a PEM file:

openssl pkcs12 -in filename.pfx -nocerts -out key.pem -nodes

Exports the certificate (includes the public key only):

openssl pkcs12 -in filename.pfx -nokeys -out cert.pem -nodes

Configuring Server Certificates in Host Configuration

The path for the certificates and key files can be configured at <install_dir>\Data\Hostconfiguration.xml under the attributes "CertFile" and "KeyFile" of the Certificate element.

The <install_dir> is usually C:\Program Files\Ivanti\IP Communications Management.

Example

<Host>

<Database Connection="Provider=SQLOLEDB;Data Source=(local);Initial Catalog=IPCM_1;User ID=sa;Password=sa" LogWSLocalPort="7773" LogConnection="Provider=SQLOLEDB;Data Source=(local);Initial Catalog=IPCM_1;User ID=sa;Password=sa">

</Database>

<Certificate CertFile="Certificate Dir/cert.pem" KeyFile="Certificate Dir/key.pem">

</Certificate>

<Host>