Skip to content

Adding TLS to CURRI API Endpoint

Call Telemetry supports TLS on Extended Call Control CURRI API Endpoints.

You need to generate a public and private certificate file. You will need to make your own certificate request. Generating the actual certificate is beyond the scope of this tech article. I assume you will come back with .PEM files of a public and private key.

They can be any name, but for this example, I will use:

  • appliance.pem (public certificate)
  • appliance_key.pem (private key)

Copy the Certificate to the Call Telemetry Server

Copy them to /home/calltelemetry/cert/ folder on the Call Telemetry server. The easiest and most secure way is to use SFTP on port 2222 to upload the file to the server. Create the folder "cert" under the /home/calltelemetry folder.

Update the Docker Compose File

Add this line to the docker-compose.yml. It will mount the "cert" folder into the docker container, allowing your cert to be used.

web:
    image: "calltelemetry/web:0.6.9"
    environment:
      (...skipped...)
      (add these line below)
      - CERT_PUBLIC=/home/app/cert/appliance.pem
      - CERT_KEY=/home/app/cert/appliance_key.pem
    volumes:
      - .cert:/home/app/cert

Restart Docker Service

systemctl restart docker-compose-app.service

Verify the Certificate

Open https://calltelemetry-server:8443 (which is the CURRI API) and confirm the certificate is presented correctly with your browser. screenshot showing new certificate in a browser

Enabling TLS on Cisco Callmanager

You will need to add the certificate to the Cisco Callmanager service as a trusted certificate.

Follow these steps to enable TLS on the Cisco Callmanager.

  • Go to Cisco Callmanager, OS Administration, Security
  • Go to Certificate Management
  • Upload the certificate file into the Callmanager Store
  • Upload applicable CA Roots so that your certifiate is trusted.
  • Restart Callmanager Service

Change ECC Service to HTTPS

Within Cisco Callmanager, open your Extended Call Control Profile and change the profile address to https://calltelemetry-server:8443 and save the profile.