Configure connections with TLS and authentication
From Genesys Documentation
This topic is part of the manual Genesys Web Services and Applications Private Edition Guide for version Current of Genesys Web Services and Applications.
Contents
Learn how to configure Transport Layer Security and authentication for connections to third-party services and non-containerized Genesys servers.
Related documentation:
RSS:
Genesys Web Services and Applications (GWS) supports secure connections to third-party services and legacy Genesys servers using Transport Layer Security (TLS) version 1.2.
To enable TLS, you must download and unpack the gws-services Helm chart locally. Next, create any required certificates for the services and put the truststores under the gws-services directory of the unpacked chart. For example: gws-services/crts/gwsPlatformSettingPostgresTrustore.p12. Following this example, the setting for the PostgreSQL truststore would be:secretsTls.postgres.truststores.gws-plaftom-setting-postgres-truststore: crts/gwsPlatformSettingPostgresTrustore.p12Important
When you Deploy GWS Services, make sure to point to your local files during the installation.TLS for third-party services
GWS supports TLS connections to the third-party services Redis, PostgreSQL, and Elasticsearch. To enable TLS for these services, set the following parameters in the values.yaml file:
- gwsServices.gwsAppProvisioning.postgres.enableTls
- postgres.enableTls
- elasticSearch.enableTls
- redis.enableTls
Redis
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.redis.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to the Redis cluster. | true or false | false |
| secretsTls.redis.truststores.gws-platform-datacollector-redis-truststore | The Redis client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-platform-ixn-redis-truststore | The Redis client truststore path for the GWS Interaction Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-app-workspace-redis-truststore | The Redis client truststore path for the GWS Workspace Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-app-provisioning-redis-truststore | The Redis client truststore path for Agent Setup. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.truststores.gws-platform-voice-redis-truststore | The Redis client truststore path for the GWS Voice Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.redis.passwords.gws-platform-datacollector-redis-truststore-password | The Redis client truststore password for the GWS Data Collector Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-platform-ixn-redis-truststore-password | The Redis client truststore password for the GWS Interaction Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-app-workspace-redis-truststore-password | The Redis client truststore password for the GWS Workspace Service. | A valid password | "" |
| secretsTls.redis.passwords.gws-app-provisioning-redis-truststore-password | The Redis client truststore password for Agent Setup. | A valid password | "" |
| secretsTls.redis.passwords.gws-platform-voice-redis-truststore-password | The Redis client truststore password for the GWS Voice Service. | A valid password | "" |
PostgreSQL
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.postgres.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to PostgreSQL. | true or false | false |
| secretsTls.postgres.truststores.gws-platform-setting-postgres-truststore | The PostgreSQL client truststore path for the GWS Setting Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.postgres.passwords.gws-platform-setting-postgres-truststore-password | The PostgreSQL client truststore password for the GWS Setting Service. | A valid password | "" |
| secretsTls.postgresprovisioning.enabled | Specifies whether a Kubernetes secret is created for the Agent Setup TLS connection to PostgreSQL. | true or false | false |
| secretsTls.postgresprovisioning.truststores.gws-app-provisioning-postgres-truststore | The PostgreSQL client truststore path for Agent Setup. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.postgresprovisioning.passwords.gws-app-provisioning-postgres-truststore-password | The PostgreSQL client truststore password for Agent Setup. | A valid password | "" |
Elasticsearch
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| secretsTls.elasticsearch.enabled | Specifies whether a Kubernetes secret is created for the TLS connection to the Elasticsearch cluster. | true or false | false |
| secretsTls.elasticsearch.truststores.gws-platform-datacollector-elasticsearch-truststore | The Elasticsearch client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| secretsTls.elasticsearch.passwords.gws-platform-datacollector-elasticsearch-truststore-password | The Elasticsearch client truststore password for the GWS Data Collector Service. | A valid password | "" |
TLS for legacy Genesys servers
GWS supports TLS connections to legacy Genesys servers in a mixed mode environment. GWS uses the Platform SDK to connect to legacy Genesys servers, such as Configuration Server, Interaction Server, T-Server, Universal Contact Server, Stat Server, Chat Server, and Outbound Contact Server.
GWS services use upgrade mode ports for TLS connections between Platform SDK and legacy Genesys services, which means you cannot enable TLS in the GWS values.yaml file. Instead, configure the TLS parameters in Configuration Server.
You must also define the following truststore paths and passwords in the GWS values.yaml file:
Truststore paths
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| psdk.enabled | Specifies whether a Kubernetes secret is created for TLS connections to legacy Genesys servers. | true or false | false |
| psdk.truststores.gws-platform-configuration-psdk-truststore | The PSDK client truststore path for the GWS Configuration Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-ixn-psdk-truststore | The PSDK client truststore path for the GWS Interaction Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-chat-psdk-truststore | The PSDK client truststore path for the GWS Chat Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-ucs-psdk-truststore | The PSDK client truststore path for the GWS UCS Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-voice-psdk-truststore | The PSDK client truststore path for the GWS Voice Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.gws-platform-statistics-psdk-truststore | The PSDK client truststore path for the GWS Statistics Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.truststores.truststores.gws-platform-datacollector-psdk-truststore | The PSDK client truststore path for the GWS Data Collector Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
| psdk.gws-platform-ocs-psdk-truststore | The PSDK client truststore path for the GWS OCS Service. | A valid path to the truststore file, relative to the gws-services directory. | "" |
Truststore passwords
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| psdk.passwords.gws-platform-configuration-psdk-truststore-password | The PSDK client truststore password for the GWS Configuration Service. | A valid password | "" |
| psdk.passwords.gws-platform-ixn-psdk-truststore-password | The PSDK client truststore password for the GWS Interaction Service. | A valid password | "" |
| psdk.passwords.gws-platform-chat-psdk-truststore-password | The PSDK client truststore password for the Chat Service. | A valid password | "" |
| psdk.passwords.gws-platform-ucs-psdk-truststore-password | The PSDK client truststore password for the UCS Service. | A valid password | "" |
| psdk.passwords.gws-platform-voice-psdk-truststore-password | The PSDK client truststore password for the GWS Voice Service. | A valid password | "" |
| psdk.passwords.gws-platform-statistics-psdk-truststore-password | The PSDK client truststore password for the GWS Statistics Service. | A valid password | "" |
| psdk.passwords.gws-platform-datacollector-psdk-truststore-password | The PSDK client truststore password for the GWS Data Collector Service. | A valid password | "" |
| psdk.passwords.gws-platform-ocs-psdk-truststore-password | The PSDK client truststore password for the GWS OCS Service. | A valid password | "" |
Comments or questions about this documentation? Contact us for support!