Securing connections with SSL/TLS
Note: This procedure is for Dragon Voice users. Ignore it if not using Dragon Voice.
By default, Dragon Voice components communicate via secure connections using Transport Layer Security (TLS, also referred to as its predecessor, Secure Sockets Layer or SSL). The components use a mixture of HTTP, HTTPS, and WebSocket.
For highest security, you can configure the system for HTTPS and WebSocket Secure (WSS), use certificates and RSA private keys signed by a recognized Certificate Authority (CA), and protect the RSA keys with an encrypted passwords.
About certificates
Nuance provides self-signed certificates during installation and uses them by default. You can replace the self-signed certificates at any time by acquiring signed certificates and keys from a Certificate Authority (CA) vendor or from an internal Certificate Authority (PKI services in-house). For example, use the default certificates for development and testing, but replace them for production environments.
- Each Dragon Voice service requires a certificate and key. The services are Krypton, NLE, NLP service, NTpE, and Resource Manager.
- For all-in-one deployments, all services run on a single host and you can use the same certificate and key for all services. (Acquire one certificate and make copies for each service.)
- For distributed deployments, services run on different hosts and you need a different certificate for each. (Acquire one certificate for each host, and make copies for each service running on that host.)
The keys and certificates require different encodings depending on the service:
Encodings |
Required for... |
---|---|
binary-X.509 |
Krypton recognition engine, Nuance Text Processing Engine, Resource Manager |
PFX/PKCS#12 |
Natural Language Engine, NLP service |
Procedure for setting up secure connections
Note: This procedure requires a methodical effort to configure the services. It is better to be accurate and complete during configuration than to troubleshoot errors later.
Step | Instructions |
---|---|
1 |
Store the certificates and keys in the recommended locations. See Copying certificates and keys. |
2 | Prepare keystores for the Java-based services. See Creating PKCS12 keystores. |
3 |
Prepare the NLE keystore. See Converting NLE keystores to JKS. |
4 | Set up certificates for application servers. See Securing application servers. |
5 | Configure the certificates, keys, and security behaviors of each service. See Configuring authentication on services. |
6 | If using Management Station, see Configuring HTTPS for Management Station. |
7 |
Restart every host where Dragon Voice is installed.. |