Re: AXL security

aleja · ‎11-15-2005

Hi all,

Is it possible to use HTTPS for performing AXL queries to the CallManager?

cheers,

alej

stephan.steiner · ‎11-16-2005

Yes, at least according to the API documentation. I presume the procedure is the same as accessing the devicelist report, that is you need to install the CCM SSL certificate on your machine before you can make any requests, but then it should only be a matter of accessing AXL using https in the url.

aleja · ‎11-16-2005

I found it in the docu for 4.1.x, thanxs! but this would mean we need to enable SSL on the virtual directory CCMAPI, right?

Sascha Monteiro · ‎11-16-2005

Hi,

You don't have to enable it, but you can force it only to use SSL...for security!

aleja · ‎11-16-2005

Ok! Did anybody implement it? Is it realy working? I guess more than one had the concern about Admin password travelling around clear text!

holbech · ‎11-17-2005

Yes it is working... We have an application running using https to 4.1(3) without any probs. We did no changes to ccm. Put certificate on client and https in url.

/C

Sascha Monteiro · ‎11-17-2005

Hi,

We have implemented this ourselves, works fine.

It's just a bit slower due to SSL overhead,

it looks like you cannot keep the socket open

for multiple requests...as if the SOAP server disconnects.. :-(

Oh, the admin password will not travel in clear text if you use normal HTTP, it is base64 encoded..

(although that can be decoded easy..)

aleja · ‎11-21-2005

Great! thanks.