Under the FAQ, a question is posted as to whether Plum supports HTTPS/SSL. In the response, it says:
"Yes. Please note that the platform will even retrieve pages from HTTPS sites without certificates issued from a certificate authority. If you are having problems retrieving content from an HTTPS site, you can test the page retrieval by using the Netscape (http://www.netscape.com/) or Mozilla (http://www.mozilla.org/) browsers to retrieve the encrypted content."
Does this mean that anyone who knows the URL can retrieve the VoiceXML - with no authentication needed?
We've Moved! Please visit our new and improved forum over at our new portal: https://portal.plumvoice.com/hc/en-us/community/topics
questions regarding HTTPS/SSL usage...
https/ssl using the IVR platform
HTTPS/SSL is an encryption protocol -- it does not interactively authenticate the user. Thus, anyone who knows the URL for the site will be able to retrieve it. HTTPS/SSL only guarantees that the data passed between a browser and an HTTPS web site will be safe from interception due to encryption. If authentication is required, a second mechanism needs to be put into place like HTTP-Basic authentication which embeds username/password information in the HTTP request header.
For example, anyone can type in https://www.networksolutions.com/. The "lock" icon in your browser should appear indicating that the contents of the web session are now encrypted. However, please notice that you are not prompted for a username and password in order to view the site.
In the same way, the Plum Voice Platform can request VoiceXML content from a web server using HTTPS. This allows for sensitive information to be passed between the IVR Platform and the web server. The web server must provide its own mechanism for authentication if access to the sensitive information needs to be limited to only permitted users.
For example, anyone can type in https://www.networksolutions.com/. The "lock" icon in your browser should appear indicating that the contents of the web session are now encrypted. However, please notice that you are not prompted for a username and password in order to view the site.
In the same way, the Plum Voice Platform can request VoiceXML content from a web server using HTTPS. This allows for sensitive information to be passed between the IVR Platform and the web server. The web server must provide its own mechanism for authentication if access to the sensitive information needs to be limited to only permitted users.
Last edited by support on Wed Jan 06, 2010 10:54 am, edited 1 time in total.
error with verifying certificate
When Plum tries to access an https site with a self-signed certificate, the following error appears:
Thu 03 Jun 2004 01:00:32 PM EDT (000000;000;1086281939) [inet] ERROR: Error fetching document due to SSL certificate problem, verify that the CA cert is OK
I'm assuming Plum does not recognize self-signed certificates? or is there potentially some other problem?
Thu 03 Jun 2004 01:00:32 PM EDT (000000;000;1086281939) [inet] ERROR: Error fetching document due to SSL certificate problem, verify that the CA cert is OK
I'm assuming Plum does not recognize self-signed certificates? or is there potentially some other problem?
please post a URL on the IVR forum
Can you provide us with a URL to this SSL server with some test vxml? You can email it to support@plumvoice.com or simply post it here on the IVR forum.
Thanks!
Thanks!
Last edited by support on Fri Jan 15, 2010 12:36 pm, edited 2 times in total.
Do you maintain a list of supported certificate authorities that Plum accepts. I find I am encountering the following error when attempting to use https in outbound calling:
Attempting to fetch https://x/eva/OMQ/VXMLStartMessageRequest.aspx
Error fetching document due to SSL certificate problem, verify that the CA cert is OK
DocumentParser::FetchBuffer - could not open URL: https://x/eva/OMQ/VXMLStartMessageRequest.aspx
DocumentParser::FetchDocument - exiting with error result 2
errno: 203 uri https://x/eva/OMQ/VXMLStartMessageRequest.aspx
NOTE: I've replaced our domain name with X in the above example.
The certificate we're currently using is issued by: Equifax Secure Inc.
We ran a test on the page with the following sites. Those with a **** had a problem. Our observation was that our certificate seemed reasonable on all of the latest versions of browsers.
Macintosh OSX 10.3
Explorer 5.2
Firefox 1.0.5
Mozilla 1.6
Mozilla 1.7.8
Netscape 6.2.3
Netscape 7.2
Opera 7.5.4u1
Opera 8.0.1
Safari 1.2
Safari 1.3
Red Hat Linux 8.0
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Konqueror 3.0.5
Konqueror 3.0.5 (no Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 4.8 **************************************
Netscape 4.8 (no Flash) *************************** Netscape 7.2 Netscape 7.2 (no Flash)
Opera 7.5.4 u2 ************************************
Opera 7.5.4 u2 (No Flash) *************************
Opera 8.0.1 Opera 8.0.1(No Flash)
Windows 2000 Professional
AOL 9.0
Explorer 5.0
Explorer 5.0 (no Flash)
Explorer 5.5
Explorer 5.5 (no Flash)
Explorer 6.0
Explorer 6.0 (no Flash)
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 4.78 *************************
Netscape 4.78 (no Flash) **************
Netscape 6.2 Netscape 6.2 (no Flash)
Netscape 7.2 Netscape 7.2 (no Flash)
Opera 7.23 ****************************
Opera 7.23 (no Flash) *****************
Opera 8.0.1 Opera 8.0.1 (No Flash)
Windows 98
Explorer 4.0
Explorer 4.0 (no Flash)
Windows XP
Explorer 6.0
Explorer 6.0 (no Flash)
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 7.2
Netscape 7.2 (no Flash)
Opera 7.54u2 ***********************
Opera 7.54u2 (no Flash) ************
Opera 8.0.1
Opera 8.0.1 (No Flash)
Thanks in advance for any insight.
Best Regards,
Scott Studer
Attempting to fetch https://x/eva/OMQ/VXMLStartMessageRequest.aspx
Error fetching document due to SSL certificate problem, verify that the CA cert is OK
DocumentParser::FetchBuffer - could not open URL: https://x/eva/OMQ/VXMLStartMessageRequest.aspx
DocumentParser::FetchDocument - exiting with error result 2
errno: 203 uri https://x/eva/OMQ/VXMLStartMessageRequest.aspx
NOTE: I've replaced our domain name with X in the above example.
The certificate we're currently using is issued by: Equifax Secure Inc.
We ran a test on the page with the following sites. Those with a **** had a problem. Our observation was that our certificate seemed reasonable on all of the latest versions of browsers.
Macintosh OSX 10.3
Explorer 5.2
Firefox 1.0.5
Mozilla 1.6
Mozilla 1.7.8
Netscape 6.2.3
Netscape 7.2
Opera 7.5.4u1
Opera 8.0.1
Safari 1.2
Safari 1.3
Red Hat Linux 8.0
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Konqueror 3.0.5
Konqueror 3.0.5 (no Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 4.8 **************************************
Netscape 4.8 (no Flash) *************************** Netscape 7.2 Netscape 7.2 (no Flash)
Opera 7.5.4 u2 ************************************
Opera 7.5.4 u2 (No Flash) *************************
Opera 8.0.1 Opera 8.0.1(No Flash)
Windows 2000 Professional
AOL 9.0
Explorer 5.0
Explorer 5.0 (no Flash)
Explorer 5.5
Explorer 5.5 (no Flash)
Explorer 6.0
Explorer 6.0 (no Flash)
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 4.78 *************************
Netscape 4.78 (no Flash) **************
Netscape 6.2 Netscape 6.2 (no Flash)
Netscape 7.2 Netscape 7.2 (no Flash)
Opera 7.23 ****************************
Opera 7.23 (no Flash) *****************
Opera 8.0.1 Opera 8.0.1 (No Flash)
Windows 98
Explorer 4.0
Explorer 4.0 (no Flash)
Windows XP
Explorer 6.0
Explorer 6.0 (no Flash)
Firefox 1.0.5
Firefox 1.0.5 (No Flash)
Mozilla 1.6
Mozilla 1.6 (No Flash)
Mozilla 1.7.8
Mozilla 1.7.8 (No Flash)
Netscape 7.2
Netscape 7.2 (no Flash)
Opera 7.54u2 ***********************
Opera 7.54u2 (no Flash) ************
Opera 8.0.1
Opera 8.0.1 (No Flash)
Thanks in advance for any insight.
Best Regards,
Scott Studer
Plum Supported CA for IVR system
Plum Supported CA for IVR system
ABAecom (sub., Am. Bankers Assn.) Root CA
ANX Network CA by DST
American Express CA
American Express Global CA
BelSign Object Publishing CA
BelSign Secure Server CA
Deutsche Telekom AG Root CA
Digital Signature Trust Co. Global CA 1
Digital Signature Trust Co. Global CA 2
Digital Signature Trust Co. Global CA 3
Digital Signature Trust Co. Global CA 4
Entrust Worldwide by DST
Entrust.net Premium 2048 Secure Server CA
Entrust.net Secure Personal CA
Entrust.net Secure Server CA
Equifax Premium CA
Equifax Secure CA
GTE CyberTrust Global Root
GTE CyberTrust Japan Root CA
GTE CyberTrust Japan Secure Server CA
GTE CyberTrust Root 2
GTE CyberTrust Root 3
GTE CyberTrust Root 4
GTE CyberTrust Root 5
GTE CyberTrust Root CA
GlobalSign Partners CA
GlobalSign Primary Class 1 CA
GlobalSign Primary Class 2 CA
GlobalSign Primary Class 3 CA
GlobalSign Root CA
National Retail Federation by DST
TC TrustCenter, Germany, Class 1 CA
TC TrustCenter, Germany, Class 2 CA
TC TrustCenter, Germany, Class 3 CA
TC TrustCenter, Germany, Class 4 CA
Thawte Personal Basic CA
Thawte Personal Freemail CA
Thawte Personal Premium CA
Thawte Premium Server CA
Thawte Server CA
Thawte Universal CA Root
UPS Document Exchange by DST
ValiCert Class 1 VA
ValiCert Class 2 VA
ValiCert Class 3 VA
VeriSign Class 4 Primary CA
Verisign Class 1 Public Primary Certification Authority
Verisign Class 1 Public Primary Certification Authority - G2
Verisign Class 1 Public Primary Certification Authority - G3
Verisign Class 2 Public Primary Certification Authority
Verisign Class 2 Public Primary Certification Authority - G2
Verisign Class 2 Public Primary Certification Authority - G3
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority - G3
Verisign Class 4 Public Primary Certification Authority - G2
Verisign Class 4 Public Primary Certification Authority - G3
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA
ABAecom (sub., Am. Bankers Assn.) Root CA
ANX Network CA by DST
American Express CA
American Express Global CA
BelSign Object Publishing CA
BelSign Secure Server CA
Deutsche Telekom AG Root CA
Digital Signature Trust Co. Global CA 1
Digital Signature Trust Co. Global CA 2
Digital Signature Trust Co. Global CA 3
Digital Signature Trust Co. Global CA 4
Entrust Worldwide by DST
Entrust.net Premium 2048 Secure Server CA
Entrust.net Secure Personal CA
Entrust.net Secure Server CA
Equifax Premium CA
Equifax Secure CA
GTE CyberTrust Global Root
GTE CyberTrust Japan Root CA
GTE CyberTrust Japan Secure Server CA
GTE CyberTrust Root 2
GTE CyberTrust Root 3
GTE CyberTrust Root 4
GTE CyberTrust Root 5
GTE CyberTrust Root CA
GlobalSign Partners CA
GlobalSign Primary Class 1 CA
GlobalSign Primary Class 2 CA
GlobalSign Primary Class 3 CA
GlobalSign Root CA
National Retail Federation by DST
TC TrustCenter, Germany, Class 1 CA
TC TrustCenter, Germany, Class 2 CA
TC TrustCenter, Germany, Class 3 CA
TC TrustCenter, Germany, Class 4 CA
Thawte Personal Basic CA
Thawte Personal Freemail CA
Thawte Personal Premium CA
Thawte Premium Server CA
Thawte Server CA
Thawte Universal CA Root
UPS Document Exchange by DST
ValiCert Class 1 VA
ValiCert Class 2 VA
ValiCert Class 3 VA
VeriSign Class 4 Primary CA
Verisign Class 1 Public Primary Certification Authority
Verisign Class 1 Public Primary Certification Authority - G2
Verisign Class 1 Public Primary Certification Authority - G3
Verisign Class 2 Public Primary Certification Authority
Verisign Class 2 Public Primary Certification Authority - G2
Verisign Class 2 Public Primary Certification Authority - G3
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority - G3
Verisign Class 4 Public Primary Certification Authority - G2
Verisign Class 4 Public Primary Certification Authority - G3
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA