IVR HTTPS configuration guide

Setup SSL certificate for IVR

Setup your SSL certificate (reference)

  1. Launch Internet Information Services (IIS) Manager.
  2. Select your server name (host) where IVR services are installed.
  3. Open Server Certificates under the IIS section.
  4. Import or complete your SSL certificate.

Bind Your Certificate to IVR's websites (reference)

  1. Open Bindings of the website where IVR services are installed.
  2. Add binding for HTTPS:
    • Type: https
    • IP address: All Unassigned
    • Port: 443
    • SSL certificate: Select your SSL certificate.

Make SSL required for IVR services (reference)

  1. Select IVRCompSrv virtual directory.
  2. Open SSL Settings under IIS section.
  3. Enable the Require SSL option, then apply the change with the Apply link in the Actions section.
  4. Repeat step 1-3. for IVRWS and IVRDesigner.

Install your SSL certificate to Trusted Root store

Install your SSL certificate to the Trusted Root Certification Root store.

Configure IVR Engine for HTTPS

Endpoint service

  1. Open Endpoint service configuration file UCMAIVR.exe.config in IVR/EndPoint folder.
  2. Change IVRWS URL to use HTTPS. Set ivrwsurl parameter at /configuration/appSettings/add path to https://[ServerFQDN]/IVRWS/IVRWS.asmx.

IVRCompSrv service

  1. Open IVRCompSrv configuration file Web.config in IVR/IVRCompSrv folder.
  2. Change IVRWS URL to use HTTPS. Set IVRWSUrl parameter at /configuration/compsrv/component/initparameters/param path to <![CDATA[https://[ServerFQDN]/IVRWS/IVRWS.asmx]]>.

License Manager

  1. Open License Manager configuration file LSMgr.exe.config in IVR/LSMgr folder.
  2. Change IVRWS URL to use HTTPS. Set ivrwsurl parameter at /configuration/appSettings/add path to https://[ServerFQDN]/IVRWS/IVRWS.asmx.

Node Service

  1. Open Node Service configuration file NodeService.exe.config in IVR/NodeService folder.
  2. Change IVRWS URL to use HTTPS. Set ivrwsurl parameter at /configuration/appSettings/add path to https://[ServerFQDN]/IVRWS/IVRWS.asmx.

Configure IVR Designer for HTTPS

  1. Open IVRDesigner configuration file Web.config in IVRDesigner folder.
  2. Change the IVRWS URL to use HTTPS. Set address attribute at /configuration/system.serviceModel/client/endpoint path to https://[ServerFQDN]/IVRWS/IVRWS.asmx)

  3. Replace the /configuration/system.serviceModel/bindings/basicHttpBinding/binding/security node to use TLS certificate with the following (reference):

    <security mode="Transport">
    <transport clientCredentialType="None"/>
    <message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>

Add support for TLS 1.2

IVR is using .NET Framework 3.5, 4.0 and 4.5, so TLS 1.2 needs to be configured for these .NET Framework versions. Execute the following steps to configure TLS 1.2 for all required .NET Framework version.

Enable TLS 1.2 on Windows Servers (source)

  1. Launch regedit.exe.

  2. In registry, go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  3. Create a new key entry with a name TLS 1.2 and create another subkey Client and Server.

  4. Under the subkey Server (an under subkey Client if it is required on your server), create another DWORD Enabled with a value of 1.

  5. Still under the subkey Server, create a DWORD DisabledByDefault with a value of 0.

  6. You must create a subkey DisabledByDefault entry in the appropriate subkey (Client, Server) and set the DWORD value to 0 since this entry is set to 1 by default.

  7. Reboot the server and test.

Enable TLS 1.2 for .NET Framework 3.5 (source)

  1. Launch regedit.exe.

  2. Go to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727

  3. Create a new entry SystemDefaultTlsVersions with a DWORD value set to 1.

  4. Create a new entry SchUseStrongCrypto with a DWORD value set to 1.

  5. Go to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

  6. Create a new entry SystemDefaultTlsVersions with a DWORD value set to 1.

  7. Create a new entry SchUseStrongCrypto with a DWORD value set to 1.

  8. For 64-bit OS, the same changes also needed for the following locations:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727

  9. Create a new entry SystemDefaultTlsVersions with a DWORD value set to 1.

  10. Create a new entry SchUseStrongCrypto with a DWORD value set to 1.

  11. Go to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319

  12. Create a new entry SystemDefaultTlsVersions with a DWORD value set to 1.

  13. Create a new entry SchUseStrongCrypto with a DWORD value set to 1.

  14. Test.

Note

Before disabling TLS 1.0 or TLS 1.1 protocols on the server, make sure Management Service connection is configured properly in the configuration of the IVRCompSrv service.

Sorry, your browser does not support inline SVG. article updatedarticle updated3/28/2022 4:35:51 PM (UTC)3/28/2022 4:35:51 PM (UTC)