Author Topic: WDE - TLS  (Read 2563 times)

Offline PFCCWA

WDE - TLS
« on: October 12, 2020, 02:05:14 PM »
Hello,

I have read WDE is able to connect to configuration server using TLS.

[b]From Genesys Security Guide:[/b]
[i]Supporting Components
This section lists the Genesys components that currently support TLS and on what connections.[b] For detailed information about TLS support by Genesys components, see the corresponding product documentation.[/b]
Workspace Desktop Edition (formerly known as Interaction Workspace) Components
Secure data exchange is supported on the following Workspace Desktop Edition connections:
• Between Workspace Desktop Edition and Stat Server
• Between Workspace Desktop Edition and T-Server
• Between Workspace Desktop Edition and Configuration Server
Workspace Desktop Edition can connect to any Genesys application configured for TLS, and whose Host is assigned a certificate.[/i]

What I cannot find is how this is achieved, or whether I should just follow the general Genesys-to-Genesys application guide to configuring TLS?

If I check the WDE Deployment Guide it refers me back to the Security Guide.
[i]Transport Layer Security (TLS)
Workspace supports Transport Layer Security (TLS), which is a cryptographic protocol that provides security and data integrity for communications over networks such as the Internet. TLS encrypts the segments of network connections at the transport layer from end to end. [b]For more information about TLS, refer to the Genesys TLS Configuration chapter of the Genesys 8.1 Security Deployment Guide[/b][/i]

So to achieve this, do I follow the 'Secure Connections (TLS)' chapter of the Security Guide? The 'Simple TLS on UNIX' seems to be our configuration (WDE on virtual environment, CS on Unix).

Thanks,

Offline cavagnaro

Re: WDE - TLS
« Reply #1 on: October 13, 2020, 01:29:14 AM »
You implement TLS on the server, not on the client.

Offline keisim

Re: WDE - TLS
« Reply #2 on: October 29, 2020, 07:09:37 PM »
First, as [b]cavagnaro[/b] mentioned, you need to configure an additional Auto Detect (Upgrade) port in Config Server, and configure the certificates, preferably at the Host level.

Then on the WDE workstation you need to import the CA certificate into the Local Machine or Current User certificate store. I was using Current User because I had mutual TLS configured, so I had to import the client certificate anyway.

Additionally, you set [i]ssl-version[/i] to [i]TLS1.2[/i] in [b]interactionworkspace.exe.config[/b], and TLS to CS encryption should work.
« Last Edit: October 30, 2020, 07:17:31 AM by keisim »

Offline PFCCWA

Re: WDE - TLS
« Reply #3 on: February 15, 2021, 09:43:19 PM »
Hello,

I am trying to set this up and am sure the correct process has been followed, but it won't work (it states it cannot upgrade to a TLS connection).
We have WDE v8.5- installed in a virtual environment.
Config Server proxy v8.5 (load balanced). All have autodetect configured.
The Trusted CA is defined at host level (under network security/trusted CA field).
The Config Servers are installed on a Unix host, security pack v85 installed and LD_LIBRARY_PATH defined.
It is a simple TLS I am trying to set up.
So I presume no TLS config is required in the WDE application object (I did try as well by adding 'tls-=1' and the trusted CA path of the config server proxy in the transport parameter field).
In Config Server proxy, the port is set to autodetect. CS Proxy host has Trusted CA defined (also tried in port, trusted CA field).
Always the same error in the CS Proxy logs:
[b][i]21:33:43.021 Std 08102 Secure connection error, 'SC(12): Error performing SSL handshake'
Secure connection error, SC(12): Error performing SSL handshake
@21:33:43.0215 SC(12): OpenSSL reported errors:
@21:33:43.0216 error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher[/i][/b]

Thanks
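
Added example, not part of the original post and not Genesys code: a small triage parser for the CS Proxy log lines quoted in the post above. It decodes the packed OpenSSL error code (assuming the OpenSSL 1.0.x layout of 8-bit library, 12-bit function, 12-bit reason) and tags the failure with the connection id; the function names and the hint table are assumptions made for illustration.

```python
import re

# Log lines copied from the post above (BBCode markup removed).
SAMPLE_LOG = """\
21:33:43.021 Std 08102 Secure connection error, 'SC(12): Error performing SSL handshake'
Secure connection error, SC(12): Error performing SSL handshake
@21:33:43.0215 SC(12): OpenSSL reported errors:
@21:33:43.0216 error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
""".splitlines()

CONN = re.compile(r"SC\((\d+)\)")
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

# Partial reason table for library 20 (SSL), OpenSSL 1.0.x; hints are general notes, not from the thread.
SSL_REASONS = {
    134: "peer certificate did not verify: check the trusted CA and chain",
    193: "no common cipher suite: check that the server loaded a certificate "
         "and key, and compare protocol versions and cipher lists on both ends",
}

def decode(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def handshake_failures(lines):
    """Return one record per OpenSSL error line, tagged with the last SC(n) seen."""
    failures, conn = [], None
    for line in lines:
        m = CONN.search(line)
        if m:
            conn = int(m.group(1))
        e = ERR.search(line)
        if not e:
            continue
        lib, func, reason = decode(e.group(1))
        routine = e.group(3)
        failures.append({
            "connection": conn,
            "library": lib, "function": func, "reason": reason,
            "routine": routine, "text": e.group(4).strip(),
            # A *_get_client_hello routine runs on the side that accepted the connection.
            "raised_by": "server" if "client_hello" in routine else "unknown",
            "hint": SSL_REASONS.get(reason, "") if lib == 20 else "",
        })
    return failures

if __name__ == "__main__":
    print(handshake_failures(SAMPLE_LOG))
```

For the quoted log this yields a single record on connection 12, raised while the server side was processing the ClientHello.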

Offline gen_den

Re: WDE - TLS
« Reply #4 on: September 01, 2021, 06:35:00 PM »
Hello PFCCWA,

Were you able to achieve this WDE-TLS connection?

I need to enable TLS between the WDE SIP endpoint and SIP Server and I am also struggling with the same.