Open ports and add certificate to the VM

For the Verint Recorder to connect securely to the Azure Microsoft Teams Bot Service, open the required inbound ports on the VM's firewall and import the cryptographic service provider (CSP) SSL certificate.

Before you begin

• Configure the VM network interface

• Get the sign-in credentials for the Administrator user that was created when the VM was deployed.

• Install Microsoft Teams Module

• Review the required Security certificate

• Get the list of Firewall ports

Procedure 

1. Using Remote Desktop, sign in to the VM.

2. Add the firewall rules:

   1. Open PowerShell as an Administrator.

   2. Using the New-NetFirewallRule cmdlet, add the required inbound and outbound ports.

      Example:  

      New-NetFirewallRule -displayname 'Verint Web HTTPS' -direction inbound -action allow -protocol tcp -LocalPort 443

      New-NetFirewallRule -displayname 'Verint Teams Bot Media' -direction inbound -action allow -protocol tcp -LocalPort 8445

      New-NetFirewallRule -displayname 'Verint Teams Bot Signaling 1' -direction inbound -action allow -protocol tcp -LocalPort 9440

      New-NetFirewallRule -displayname 'Verint Teams Bot Signaling 2' -direction inbound -action allow -protocol tcp -LocalPort 10100

3. To verify the firewall rules were added, run the command Get-NetFirewallRule.

4. Add the SSL certificate:

   1. Open mmc.exe.

   2. Select File > Add or remove Snap-ins (Ctrl+M).

   3. From the list on the left, select Certificates, then select Add.

      

   4. Select Computer account and Local Computer, then select OK.

   5. Right-click on Personal, then go to All Tasks > Import…

      

   6. Select Next and browse for the .pfx file.

   7. Type the password for the private key and select Mark this key as exportable.

      

   8. Select Next.

   9. Select Certificate store and leave the default value.

   10. Select Next and Finish.

5. Verify provider of installed SSL certificate

6. Bind the SSL certificate to the ports:

   1. As an Administrator, open a Command Prompt.

   2. Use the netsh http add sslcert command. This command requires the correct local IP and Certificate Thumbprint.

      Parameters:

      • ipport: LocalIP:SignalingPort

      • certhash: Certificate thumbprint

      • appid: Random GUID

      The following commands are required with the correct IP and Thumbprint:

      netsh http add sslcert ipport=10.0.2.4:9440 certhash=1a2eef07216c06c55998ac4d30ecc2bbee44b9c9 appid={00000000-0000-0000-0000-000000000001}

      netsh http add sslcert ipport=10.0.2.4:10100 certhash=1a2eef07216c06c55998ac4d30ecc2bbee44b9c9 appid={00000000-0000-0000-0000-000000000001}

What to do next 

Create a DNS entry

Related information 

New-NetFirewallRule (Microsoft technical docs)