# Adding TLS to ECC / CURRI Endpoint
Call Telemetry supports TLS on ECC / CURRI Endpoint.
You need to generate a public and private certificate file. You will need to make your own certificate request. Generating the actual certificate is beyond the scope of this tech article. I assume you will come back with .PEM files of a public and private key.
Once created, you need 2 files
- appliance.pem
- appliance_key.pem
# Copy the Cert
Copy them to /home/calltelemetry/cert/ folder on the Call Telemetry server. The easiest and most secure way is to use SFTP on port 2222 to upload the file to the server. Create the folder "cert" under /home/calltelemetry
# Add to Docker, under web:
Add this line to the docker-compose.yml. It will mount the "cert" folder into the docker container, allowing your cert to be used.
web:
image: "calltelemetry/web:0.6.9"
environment:
(...skipped...)
(add these line below)
- CERT_PUBLIC=/home/app/cert/appliance.pem
- CERT_KEY=/home/app/cert/appliance_key.pem
volumes:
- .cert:/home/app/cert
# Restart Docker Service
systemctl restart docker-compose-app.service
# Test with Browser
Open https://calltelemetry-server:8443 (which is the CURRI API) and confirm the certificate is presented correctly with your browser.
# Add the Certificate to Cisco Callmanager Service
- Add the CA Root so that your certifiate is trusted.
# Restart Callmanager Service
# Change ECC Service to HTTPS
Within Callmanager, Change the ECC profile to https://calltelemetry-server:8443 and save