...
TLS requires a keystore file that is generated by using the Java standard command keytool. For further information about the keytool command, see the JDK product documentation.
Info | |||||
---|---|---|---|---|---|
title | Example - TLS Configuration
| ||||
theme | Eclipse |
$ keytool -genkey -keyalg RSA -keystore MZstack.jks |
Keytool prompts for required information such as identity details and password. Note that the keystore password must be the same as the key password.
Generate the certificate:
Code Block | ||
---|---|---|
|
$ keytool -export -keystore MZstack.jks -file ./MZstack.cer
The certificate file can now be distributed to the other peers.
Install a diameter node certificate in the MZstack keystore:
Code Block language text
$ keytool -import -alias "peerTLS" -file peerTLS.cer -keystore MZstack.jks
Enter the keystore path and the keystore password in the Diameter Stack configuration.
From the Peer Table, in the Diameter Routing profile configuration select the TCP/TLS protocol for the peer with which you want to establish a secure connection.
TLS Configuration Properties
You can control the handling of unrecognized certificates by setting the Execution Context property mz.diameter.tls.accept_all.
Info | ||||
---|---|---|---|---|
Example - Handling of unrecognized certificatesOn a specific EC:
On cell level:
|
If the property is set to false
(default), the Diameter Stack agent does not accept any non-trusted certificates. If it is set to true
, the Diameter Stack agent accepts any certificate.
...
Check the certificate. If you trust it, import it into the keystore by using the Java standard keytool command. For further information, see the standard Java documentation.