Authentication
When a secure connection is desired, a HTTPS URI must be configured in the External Call Control Profile.
When HTTPS is provisioned, Unified CM uses mutual authentication with a self-signed certificate or a CA issued certificate to communicate to the web service. Unified CM conducts the following verifications when authenticating the server:
- Verification of host - Checks if the certificate subject name matches the host name of the server.
- Verification of peer - Checks if the signature of the certificate is issued by the trust CA in the trust store, or if it matches the imported certificates in the trust store for a self-signed certificate.
Certificate and Key
Generation and Exchange
If mutual authentication using self-signed certificates is required, the Unified CM administrator should generate the required certificate for the web service to import. The administrator of the web service should also generate the certificate for Unified CM to import.
Certificate Format
All certificates must be in Privacy Enhanced Mail (PEM) format or convertible to PEM format.
Transport Layer Security Version
Unified CM supports Transport Layer Security (TLS) for HTTPs connections.
Cipher Specification
In mutual authentication both Unified CM and the web service send the change cipher specification message to notify the receiving party that subsequent records are protected under the just-negotiated CipherSpec and keys.
The following Cipher Spec is supported in Unified CM for external call control:
Cipher Spec: TLS_RSA_WITH_AES_256_CBC_SHA (0x000035)