Genesys Cloud - Main

I am trying to configure Audiohook  for my Dev Genesys and Verint environment. We have it configured in genesys pointing to a url that points to a outside IP in my firewall. that is then NAT'd to the internal Verint server. The Verint recorder server has the auth ID's from Genesys.  In this scenerio, where do i load the certificate for the URL? In my prod environment, we have a load balancer where the cert lives but thats not an option in my DEV environments. thanks for any help.

Hello Edward, 

Audiohook config in a dev environment can be tricky but since you're using a direct connection through NAT without a LB I have a couple of ideas for handling the SLL cert. 

1. The cert should be installed on the Verint recorder server itself, since this is the endpoint thats actually terminating the TLS connection. This is because Audiohook uses websockets over TLS as its transport protocol.
2. You need to make sure that the cert is valid for the external URL that Genesys is pointing to, the cert is properly trusted in the chain of trust and that the private key is securly stored on the Verint recorder server. 

NAT'ing the traffic you need to make sure the cert's Common Name or Subject Alternative Name matches the external URL that Genesys is using to connect and the Verint web server configuration should be configured to use this cert for the HTTPS/WSS connections. 

Since you are using a dev environment and most likely a self-signed cert I would double check to make sure its added to the trust store in your Genesys org as well. 

Hope this helps!

I am trying to configure Audiohook  for my Dev Genesys and Verint environment. We have it configured in genesys pointing to a url that points to a outside IP in my firewall. that is then NAT'd to the internal Verint server. The Verint recorder server has the auth ID's from Genesys.  In this scenerio, where do i load the certificate for the URL? In my prod environment, we have a load balancer where the cert lives but thats not an option in my DEV environments. thanks for any help.

Thanks Cameron! the cert is a digicert one and the CN is the public url and it has sans with the hostname and installed in the personal cert store on the host. Is that the correct certstore?

Hello Edward, 

Audiohook config in a dev environment can be tricky but since you're using a direct connection through NAT without a LB I have a couple of ideas for handling the SLL cert. 

1. The cert should be installed on the Verint recorder server itself, since this is the endpoint thats actually terminating the TLS connection. This is because Audiohook uses websockets over TLS as its transport protocol.
2. You need to make sure that the cert is valid for the external URL that Genesys is pointing to, the cert is properly trusted in the chain of trust and that the private key is securly stored on the Verint recorder server. 

NAT'ing the traffic you need to make sure the cert's Common Name or Subject Alternative Name matches the external URL that Genesys is using to connect and the Verint web server configuration should be configured to use this cert for the HTTPS/WSS connections. 

Since you are using a dev environment and most likely a self-signed cert I would double check to make sure its added to the trust store in your Genesys org as well. 

Hope this helps!

I am trying to configure Audiohook  for my Dev Genesys and Verint environment. We have it configured in genesys pointing to a url that points to a outside IP in my firewall. that is then NAT'd to the internal Verint server. The Verint recorder server has the auth ID's from Genesys.  In this scenerio, where do i load the certificate for the URL? In my prod environment, we have a load balancer where the cert lives but thats not an option in my DEV environments. thanks for any help.

Hello Edward, 

Since you are using a digicert certificate the personal cert store on the host is not the best place, at least for this use case. 

Since this is for your server auth the cert should be the cert should be stored in the Computers Personal Store (local -> computer -> personal) AND the root CA cert should be in the trusted root cert authorities store. 

Cheers,

Thanks Cameron! the cert is a digicert one and the CN is the public url and it has sans with the hostname and installed in the personal cert store on the host. Is that the correct certstore?

Hello Edward, 

Audiohook config in a dev environment can be tricky but since you're using a direct connection through NAT without a LB I have a couple of ideas for handling the SLL cert. 

1. The cert should be installed on the Verint recorder server itself, since this is the endpoint thats actually terminating the TLS connection. This is because Audiohook uses websockets over TLS as its transport protocol.
2. You need to make sure that the cert is valid for the external URL that Genesys is pointing to, the cert is properly trusted in the chain of trust and that the private key is securly stored on the Verint recorder server. 

NAT'ing the traffic you need to make sure the cert's Common Name or Subject Alternative Name matches the external URL that Genesys is using to connect and the Verint web server configuration should be configured to use this cert for the HTTPS/WSS connections. 

Since you are using a dev environment and most likely a self-signed cert I would double check to make sure its added to the trust store in your Genesys org as well. 

Hope this helps!

I am trying to configure Audiohook  for my Dev Genesys and Verint environment. We have it configured in genesys pointing to a url that points to a outside IP in my firewall. that is then NAT'd to the internal Verint server. The Verint recorder server has the auth ID's from Genesys.  In this scenerio, where do i load the certificate for the URL? In my prod environment, we have a load balancer where the cert lives but thats not an option in my DEV environments. thanks for any help.