Xactview + SSL + Active Directory
Some customers needs to use SSL on Xactview and also some of them syncs their users with Active Directory, this guide will shows how to enable SSL and a fix for the known issue when syncing AD users.
We need to verify that Xactview server is running (Admin > iSymphonyV3) we should see something like this:
We need to be running a valid certificate, I will use my domain:
mypbx.rocks with LetsEncrypt as an example.
We are going to run these commands on the CLI: (be sure to replace mypbx.rocks for the customer's fqdn)
openssl pkcs12 -export -in /etc/asterisk/keys/mypbx.rocks/fullchain.pem -inkey /etc/asterisk/keys/mypbx.rocks/private.pem -name isymphony -out isymphony.pkcs12 |
That command is going to ask you for a password, you will have to re-submit the password. I used abc1234 as a password.
keytool -importkeystore -deststorepass isymphony -destkeypass isymphony -destkeystore isymphony.jks -srckeystore isymphony.pkcs12 -srcstoretype PKCS12 -alias isymphony |
That command is going to convert the pcks12 file into a jks file (needed by iSymphony)
You need to copy the jks file into /opt/xactview3/server/conf/ so run this command:
cp ./isymphony.jks /opt/xactview3/server/conf |
We need to edit security.xml you will find that file on /opt/xactview3/server/conf
We are going to replace line 5 ( <SSLKeystore filename="" keystorePassword="" keyPassword="" certAlias="" /> ) with this line:
Also, as we need to access to the Administrator Panel and the Client Panel we are going to search for the servlets, you will need replace
<SSL enabled="false" /> to <SSL enabled="true" /> only on the servlets you need to have access.
In this example I only enabled it on servlets "client" and "administrator" (at the bottom of the file)
Client servlet:
Administrator servlet:
We save the file and we restart the service with: service XactViewServerV3 restart
Now, we are almost done, you need to go again to Admin > iSymphonyV3 and change the port (default is 58080, SSL uses 55050) also, you need to check "Use SSL" at the Server API Connection Settings.
That means customer needs to open port 55050 on his router in order to be able to access from outside the box.
After that, XactView should be working from outside using SSL =)
Finally, if the customer is using AD, you need to do this:
Edit file /opt/xactview3/server/jvm.args and add this inside:
If your XactView does not have ssl configured, change the port to "80" and protocol to "http" respectively.
Finally, you need to restart the service in order to apply the changes, after that AD users should be able to login to your XactView.