Configuring Secure JTAPI
- Daniel Balog
Follow the guide below to configure secure JTAPI connection between the Verba and the Cisco systems.
Cisco UCM configuration
CUCM security
The secure JTAPI configuration requires the CUCM to be in mixed mode. For the necessary configuration steps, refer to the official Cisco configuration guide: CUCM Mixed Mode with Tokenless CTL
Service activation
Check if the Certificate Authority Proxy Function (CAPF), Certificate Trust List Provider (CTL), and CTIManager services are activated.
Step 1 - Open the Cisco Unified Serviceability Navigation > Cisco Unified Serviceability > Go.
Step 2 - Open the Tools > Service activation
Step 3 - Select the server(s) and press Go
Step 4 - Make sure that both Cisco CTL Provider and Cisco Certificate Authority Proxy Function are activated.
Step 5 - If the functions were not active, restart the CUCM server. You will now have CCM listening on TCP port 2443 for secure SCCP connections and CTIManager listening on 2749 for secure JTAPI/QBE connections.
Create/Configure the application user
Step 1 - Open the Cisco Unified CM Administration Navigation > Cisco Unified CM Administration > Go.
Step 2 - Create an application user based on Creating an application user for the JTAPI connection
Step 3 - On the User Management / Application User / Application User Configuration add the user to the groups' CTI Enabled, CTI Secure Connection, and CTI Allow Reception of SRTP Key Material under Permissions Information for the user.
Adding the user to the Secure CTI and SRTP Key Material groups mean that this JTAPI user will ONLY be allowed to connect on the secure port of 2749 using certs.
Step 4 - Under Users > User Settings > Application User CAPF Profile select Add new.
Each instance of the Verba Cisco JTAPI Service must have its own CAPF profile. If more than one server is configured, the process of configuring the CAPF profile has to be repeated for each of them.
Select the correct application user, define an Instance ID, and select the certificate operation of Install / Upgrade, and save. The Certificate Operation Status will be Operation Pending
Verba server configuration
Configure the secure connection on the Verba server
Step 1 - Go to Applications > Plugins, and download the JTAPI client for your operating system
Step 2 - Install the downloaded client on the server and start the JTAPI preferences tool
Step 3 - Configure the Cisco Unified tab with the IP of the CUCM and the log folder on the Log Destination tab
Step 4 - On the Security tab, enable security tracing and configure the fields according to the environment, check the Enable Secure Connection and press OK.
Step 5 - Check the \lib\ folder for a JtapiClientKeyStore file. If the file is created, the Certificate Operation Status in CUCM will change.
Step 6 - Copy the JTAPI.ini file to Verba\bin folder overwriting the original. The file contains the SecurityProperty description for the location of the certificate.
Step 7 - In the Verba Web Interface go to System > Servers > Select your Recording (or Single) Server > Service Control tab, and start/restart the Verba Cisco JTAPI Service.
Step 8 - Verify the connection