Set up SSL certificate for MiaRec Web portal on CentOS

To enable HTTPS (SSL) on the MiaRec web server, you need to install an SSL certificate. The certificate should be issued by a trusted Certificate Authority (such as Verisign/Symantec, Comodo, GlobalSign, Digicert, GoDaddy, etc.).

The certificate is issued per domain name and can be used only with that particular name. For example, if you install MiaRec on a server and access it at https://rec.my-company.com, then the SSL certificate should be issued to the “rec.my-company.com” domain name.

Alternatively, the certificate can be self-signed. This means that instead of having the certificate signed by a trusted Certificate Authority, you sign it with your own key. In this case the browser shows a warning that the certificate is not trusted (meaning it is not signed by a trusted Certificate Authority), although the connection between the client's web browser and the MiaRec server is still encrypted. The warning means the browser cannot verify the server's identity on its own.

You can generate the self-signed certificate using the following command line:

openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout server.key -out server.crt

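This command generates a key/certificate pair and signs the certificate with the generated key. The -nodes option leaves server.key unencrypted, so restrict read access to that file.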

1. Install mod_ssl module for Apache

yum install mod_ssl

The module will automatically be enabled during installation, and Apache will be able to start using an SSL certificate after it is restarted. You don't need to take any additional steps for mod_ssl to be ready for use.

2. Install SSL private key and certificate

Copy your SSL private key to directory:

/etc/pki/tls/private/

Copy your SSL certificate to directory:

/etc/pki/tls/certs/

In some cases you may also need to copy the intermediate certificate of the company that signed your certificate. Check their official instructions for the Apache server.

3. Edit Apache configuration file (ssl.conf)

Edit the file /etc/httpd/conf.d/ssl.conf and make sure that:

  • SSLCertificateFile points to your certificate
  • SSLCertificateKeyFile points to your private key
  • SSLCertificateChainFile points to your certificate authority's intermediate certificate (check your authority's instructions)

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/miarec.example.com.crt

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/miarec.example.com.key

#   Server Certificate Chain:
SSLCertificateChainFile /etc/pki/tls/certs/CA.crt

4. Disable SSL protocol, allow TLS v1.2 only

It is recommended to disable the SSL version 3.0 protocol and force clients to use the more secure TLS v1.2.

Edit the file /etc/httpd/conf.d/ssl.conf and locate the SSLProtocol line. If it is commented out with a #, remove the hash (#) symbol, then change the line to the following:

SSLProtocol TLSv1.2

To increase the security strength further, you can also disable the weaker ciphers. Locate the SSLCipherSuite line, uncomment it and change it to:

SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA:!RC4:!3DES

5. Disable TRACE method

Add the following line to the end of file /etc/httpd/conf/httpd.conf:

TraceEnable off

6. Open port 443 on firewall

Add a firewall rule that allows inbound connections to port 443:

iptables -I INPUT 5 -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

Save all rules into iptables configuration file:

service iptables save

Restart iptables service:

service iptables restart

7. [Optional] Force HTTPS for all traffic except internal call events

Create file /etc/httpd/conf.d/miarec-ssl.conf:

vi /etc/httpd/conf.d/miarec-ssl.conf

Copy/paste the following content into this file:

NameVirtualHost *:80
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{HTTP_HOST}%{REQUEST_URI} !^127\.0\.0\.1/notify
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

Reload Apache:

service httpd reload

What is "127.0.0.1/notify" in the rewrite rule? MiaRec internally uses the HTTP protocol to send call event notifications from the recorder engine to the web portal. The above rewrite rule forces HTTPS for all web traffic except the internal communication between the recorder and the web portal.

8. Restart Apache

service httpd restart
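
To confirm that the edits from steps 3 to 5 took effect, the following added example (not part of the MiaRec documentation) audits Apache configuration files for the SSLProtocol, SSLCipherSuite, TraceEnable and certificate directives described above. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not MiaRec code): audit Apache config for the settings from steps 3-5.

# Print the last active (uncommented) value of directive $1 in the given files.
directive_value() {
    local name="$1"; shift
    awk -v d="$name" '
        /^[ \t]*#/ { next }                             # skip commented-out lines
        tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$@"
}

# Print one finding per line; print nothing when every check passes.
audit_tls_config() {
    local proto ciphers trace token
    proto=$(directive_value SSLProtocol "$@")
    ciphers=$(directive_value SSLCipherSuite "$@")
    trace=$(directive_value TraceEnable "$@")
    [ -n "$proto" ] || echo "SSLProtocol is not set"
    for token in $proto; do
        case "$token" in
            TLSv1.2|+TLSv1.2|-*) ;;                     # wanted protocol, or a removal
            *) echo "SSLProtocol enables $token" ;;
        esac
    done
    for token in '!SSLv3' '!kRSA' '!RC4' '!3DES'; do    # exclusions from step 4
        case ":$ciphers:" in                            # colon-separated, as on this page
            *":$token:"*) ;;
            *) echo "SSLCipherSuite lacks $token" ;;
        esac
    done
    case "$trace" in [Oo][Ff][Ff]) ;; *) echo "TraceEnable is not off" ;; esac
    for token in SSLCertificateFile SSLCertificateKeyFile; do
        [ -n "$(directive_value "$token" "$@")" ] || echo "$token is not set"
    done
}

# Constructed sample: an ssl.conf in which steps 4 and 5 have not been applied yet.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
SSLCertificateFile /etc/pki/tls/certs/miarec.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/miarec.example.com.key
#SSLProtocol TLSv1.2
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
EOF
audit_tls_config "$sample"
```

On a server, call audit_tls_config /etc/httpd/conf.d/ssl.conf /etc/httpd/conf/httpd.conf; no output means every check passed.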