Realtime Call Policy Engine for Cisco Callmanager

# Adding TLS to ECC / CURRI Endpoint

Call Telemetry supports TLS on ECC / CURRI Endpoint.

You need to generate a public and private certificate file. You will need to make your own certificate request. Generating the actual certificate is beyond the scope of this tech article. I assume you will come back with .PEM files of a public and private key.

Once created, you need 2 files

  • appliance.pem
  • appliance_key.pem

# Copy the Cert

Copy them to /home/calltelemetry/cert/ folder on the Call Telemetry server. The easiest and most secure way is to use SFTP on port 2222 to upload the file to the server. Create the folder "cert" under /home/calltelemetry

# Add to Docker, under web:

Add this line to the docker-compose.yml. It will mount the "cert" folder into the docker container, allowing your cert to be used.

web:
    image: "calltelemetry/web:0.6.9"
    environment:
      (...skipped...)
      (add these line below)
      - CERT_PUBLIC=/home/app/cert/appliance.pem
      - CERT_KEY=/home/app/cert/appliance_key.pem
    volumes:
      - .cert:/home/app/cert

# Restart Docker Service

systemctl restart docker-compose-app.service

# Test with Browser

Open https://calltelemetry-server:8443 (which is the CURRI API) and confirm the certificate is presented correctly with your browser. secure_shot

# Add the Certificate to Cisco Callmanager Service

  • Add the CA Root so that your certifiate is trusted.

# Restart Callmanager Service

# Change ECC Service to HTTPS

Within Callmanager, Change the ECC profile to https://calltelemetry-server:8443 and save

Load Testing CURRI Call Capacity