Encryption Option

Use the Management Console to select a certificate for Ivanti Voice to use to encrypt sensitive data such as user names and passwords used to connect to Ivanti Voice. The certificates are managed by Windows and in most cases users use the default certificate; however, you can also opt to encrypt passwords using a third-party certificate.

  1. In the Management Console, from the View menu, select Options. The Options dialog box opens.
  2. Click the Certificate tab.
  3. Select the Encrypt sensitive information check box if you want to use encryption.
  4. In the Encryption Certificate area, select one of the following:
    • Use user’s default certificate - Select this option to protect the settings using your Windows account security.
    • Select certificate from the list - Select this option if you have a certificate you want to use instead of the certificate Windows generates automatically, then select a certificate from the list.
  5. Click OK.

Adding Encryption to TCP Connections

Ivanti Voice currently supports the encryption of two TCP Connections: Foundation Sync server to message server and VxAgent to AppPart.

Adding Encryption to the Connection Between the Foundation Sync Server and the Message Server.

Enable encryption for the connection between the Foundation Sync server and the message server.

  1. Change the UseTLS flag to true:
    1. Navigate to the hostconfiguration.xml file found in your installation data folder.

      For example, most users' installation files can be found at C > Program Files(x86) > Ivanti > IP Communications Management > Data.

    2. Open the HostConfiguration.xml file using a text editor.
    3. Under Foundation Sync Service, find the UseTLS attribute.
    4. Set the value of UseTLS to True.
  2. Create a .cer certificate and set the hostname to localhost.
  3. Add the certificate to the Certificates folder of the installation directory:
    1. Usually found at C: > Program Files(x86) > Ivanti > IP Communications Management > Data > Certificates.
    2. Give the certificate local service permission; both server and client services are running with local service account.
    3. Make note of the certificate file path.
  4. Add the certificate in the personal and trusted root certification authorities sections of Microsoft Management Console.
  5. Link the certificate file path in the hostconfiguration.xml file under InternalCertificate.
    1. Navigate to the hostconfiguration.xml file found in your installation data folder.

      2. Most users' installation files can be found at C > Program Files(x86) > Ivanti > IP Communications Management > Data.

    2. Open the hostconfiguration.xml file using a text editor.
    3. Under InternalCertificate, add the certificate file path.

Adding Encryption to the Connection Between VxAgent and AppPart

Enable encryption for the connection between VxAgent and AppPart.

  1. Change the UseTLS flag to true:
    1. Navigate to the hostconfiguration.xml file found in your installation data folder.

      2. Most users' installation files can be found at C > Program Files(x86) > Ivanti > IP Communications Management > Data.

    2. Open the hostconfiguration.xml file using a text editor.
    3. Under Foundation Sync Service, find the UseTLS attribute.
    4. Set the value of UseTLS to True.
  2. Add the certificate and key files to the Certificates folder of the installation directory:
    1. Usually found at C: > Program Files(x86) > Ivanti > IP Communications Management > Data > Certificates.
    2. Make note of the certificate file path.
  3. Link the certificate file path in the hostconfiguration.xml file under Certificate.
    1. Navigate to the hostconfiguration.xml file found in your installation data folder.

      2. Most users' installation files can be found at C > Program Files(x86) > Ivanti > IP Communications Management > Data.

    2. Open the hostconfiguration.xml file using a text editor.
    3. Under Certificate, add the certificate file path.