...

TLS requires a keystore file that is generated by using the Java standard command keytool. For further information about the keytool command, see the JDK product documentation.

Example - TLS Configuration

  1. To create a keystore:

       $ keytool -genkey -keyalg RSA -keystore MZstack.jks

     Keytool prompts for the required information, such as identity details and password. Note that the keystore password must be the same as the key password.

  2. Generate the certificate:

       $ keytool -export -keystore MZstack.jks -file ./MZstack.cer

     The certificate file can now be distributed to the other peers.

  3. Install a Diameter node certificate in the MZstack keystore:

       $ keytool -import -alias "peerTLS" -file peerTLS.cer -keystore MZstack.jks

  4. Enter the keystore path and the keystore password in the Diameter Stack configuration.

  5. From the Peer Table in the Diameter Routing profile configuration, select the TCP/TLS protocol for the peer with which you want to establish a secure connection.

    TLS Configuration Properties

    You can control the handling of unrecognized certificates by setting the Execution Context property mz.diameter.tls.accept_all.

    Example - Handling of unrecognized certificates

    On a specific EC:

      $ mzsh topo set topo://container:<container>/pico:<pico>/val:config.properties.mz.diameter.tls.accept_all true

    On cell level:

      mzsh topo set topo://cell:default/val:common.config.properties.mz.diameter.tls.accept_all true


    If the property is set to false (the default), the Diameter Stack agent rejects any certificate that it does not trust. If it is set to true, the Diameter Stack agent accepts any certificate, trusted or not.

    ...

    Check the certificate. If you trust it, import it into the keystore by using the Java standard keytool command. For further information, see the standard Java documentation.
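As an added example that is not part of this page or of the Diameter Stack documentation, the following POSIX shell script performs the check described above before the import: it reads the peer certificate's SHA-256 fingerprint with keytool -printcert, compares it with a fingerprint obtained out of band from the peer's operator, and imports the file into MZstack.jks only on a match. The operator-supplied EXPECTED_FP value and the alias name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: import a peer certificate into
# the MZstack keystore only after its SHA-256 fingerprint has been checked
# against a value obtained out of band (EXPECTED_FP, operator-supplied).
# Assumes keytool is on PATH and prints a "SHA256: AA:BB:..." line.

# Normalise a fingerprint so that "aa:bb:cc" and "AABBCC" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr '[:lower:]' '[:upper:]'
}

# Return 0 when both arguments denote the same digest, 1 otherwise.
fingerprint_matches() {
    [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Extract the SHA-256 fingerprint that keytool -printcert reports for a file.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Import the certificate under the given alias only if its fingerprint
# matches the expected value; -noprompt is safe because we checked already.
verify_and_import() {
    cert=$1; alias=$2; keystore=$3; expected=$4
    actual=$(cert_sha256 "$cert")
    [ -n "$actual" ] || { echo "could not read a fingerprint from $cert" >&2; return 2; }
    if ! fingerprint_matches "$expected" "$actual"; then
        echo "fingerprint mismatch for $cert: got $actual, expected $expected" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$alias" -file "$cert" -keystore "$keystore"
}

# Example invocation (EXPECTED_FP comes from the peer's operator, not from the file):
#   verify_and_import peerTLS.cer peerTLS MZstack.jks "$EXPECTED_FP"
```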