# Adding TLS to CURRI API Endpoint
Call Telemetry supports TLS on Extended Call Control CURRI API Endpoints.
You need to generate a public and private certificate file. You will need to make your own certificate request. Generating the actual certificate is beyond the scope of this tech article. I assume you will come back with .PEM files of a public and private key.
They can be any name, but for this example, I will use:
- appliance.pem (public certificate)
- appliance_key.pem (private key)
# Copy the Certificate to the Call Telemetry Server
Copy them to /home/calltelemetry/cert/ folder on the Call Telemetry server. The easiest and most secure way is to use SFTP on port 2222 to upload the file to the server. Create the folder "cert" under the /home/calltelemetry folder.
# Update the Docker Compose File
Add this line to the docker-compose.yml. It will mount the "cert" folder into the docker container, allowing your cert to be used.
web:
image: "calltelemetry/web:0.6.9"
environment:
(...skipped...)
(add these line below)
- CERT_PUBLIC=/home/app/cert/appliance.pem
- CERT_KEY=/home/app/cert/appliance_key.pem
volumes:
- .cert:/home/app/cert
# Restart Docker Service
systemctl restart docker-compose-app.service
# Verify the Certificate
Open https://calltelemetry-server:8443 (which is the CURRI API) and confirm the certificate is presented correctly with your browser.
# Enabling TLS on Cisco Callmanager
You will need to add the certificate to the Cisco Callmanager service as a trusted certificate.
Follow these steps to enable TLS on the Cisco Callmanager.
- Go to Cisco Callmanager, OS Administration, Security
- Go to Certificate Management
- Upload the certificate file into the Callmanager Store
- Upload applicable CA Roots so that your certifiate is trusted.
- Restart Callmanager Service
# Change ECC Service to HTTPS
Within Cisco Callmanager, open your Extended Call Control Profile and change the profile address to https://calltelemetry-server:8443 and save the profile.