I've been investigating the security options within the Genesys Platform actually just as the latest Tech Tutorial was coming up.
I've been able to enable mutual-tls between GAX and Config Server, Message Server and SCS correctly, but was looking to do the same with Genesys Administrator (version 8.1.311.03) but have had limited success.
If I define tls-mutual=0 on the ports for Config Server and SCS then a secure connection is successfully made, but if I attempt to have tls-mutual=1, then it fails to connect.
I have updated the Web.Config for GA with the below (thumbprint partially masked):
<!-- Client certificate thumbprint which will be using for establishing of GA secured connections in mutual mode -->
<add key="ClientCertificate" value="8e ee cb 9....... 0c 7d a3 f9" />
- When reviewing the GA logs, it doesn't look like this is even used when connecting to Config Server. Additionally, when I check the Config Server logs I see the below, which I worked out during the GAX work meant there was no certificate being offered back from the client (GA in this case). For GAX it was because I missed the mf_tls_mutual=true option in gax.properties.
error 8009030e querying client certificate
No credentials are available in the security package
- When connecting to SCS, I can see the below in the GA logs. It doesn't note if it found the certificate, which I've tried making available at the Local Machine and Local User store in Windows, and given I have pretty much the same settings for GAX, would hope it would work.
2019-03-14 19:48:32,826 [5] DEBUG App.Monitoring.Management.GScsNetConnection [Jason McLennan] - The client certificate thumbprint '8e ee cb.....7d a3 f9' is retrieved from settings
2019-03-14 19:48:32,858 [Genesyslab.PCT.Invoker.AbstractChannelDefault] INFO App.Monitoring.Management.GScsNetConnection [(Unauthenticated user)] -
SCS connection -842452685 is broken: protocol has been closed
2019-03-14 19:48:32,858 [Genesyslab.PCT.Invoker.AbstractChannelDefault] INFO App.Monitoring.Management.GScsNetConnection [(Unauthenticated user)] -
SCS connection closing reason: Exception occured during channel opening
2019-03-14 19:48:32,858 [Genesyslab.PCT.Invoker.AbstractChannelDefault] INFO App.Monitoring.Management.GScsNetConnection [(Unauthenticated user)] -
SCS connection closing details: Authentication failed because the remote party has closed the transport stream.
Is mutual TLS even an option for either of these connections in GA?
#PlatformAdministration #Security
------------------------------
Jason Mclennan
Commonwealth Bank of Australia
------------------------------
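
A check for the condition the Config Server log reports (no client certificate offered), as an added example that is not part of the original post and not Genesys code: it looks up the Web.config thumbprint in both Windows stores the post mentions and reports whether the certificate has a private key, is within its validity period, and permits client authentication. The thumbprint value is a placeholder, and the post does not say which store GA reads, so both are checked.

```powershell
param(
    # Placeholder: paste the full ClientCertificate value from Web.config.
    [string]$Thumbprint = '<FULL-THUMBPRINT-FROM-WEB.CONFIG>'
)

# Strip spaces and any invisible characters copied from the certificate dialog.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    Write-Warning "Thumbprint has $($clean.Length) hex characters; a SHA-1 thumbprint has 40."
}

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

# CurrentUser is the store of the account running this script, so run it as
# the account the GA web application runs under to see what that account sees.
$report = foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1

    $ekuOids = @()
    if ($cert) {
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    }

    [pscustomobject]@{
        Store         = $store
        Found         = [bool]$cert
        # A client certificate without its private key cannot be offered in the handshake.
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $null }
        InValidity    = if ($cert) { $cert.NotBefore -le $now -and $now -le $cert.NotAfter } else { $null }
        # No EKU extension means the certificate is not restricted by purpose.
        ClientAuthEku = if ($cert) { ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid) } else { $null }
    }
}

$report | Format-Table -AutoSize
```

A row with Found = True but HasPrivateKey = False, or with ClientAuthEku = False, points at the certificate itself rather than at the GA configuration.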