The Diameter protocol communication can be protected by using Transport Layer Security, TLS.

TLS Configuration

TLS requires a keystore file that is generated by using the Java standard command keytool. For further information about the keytool command, see the JDK product documentation.

Example - TLS Configuration
  1. Create a keystore:

    $ keytool -genkey -keyalg RSA -keystore MZstack.jks

    Keytool prompts for required information such as identity details and password. Note that the keystore password must be the same as the key password.


  2. Generate the certificate:

    $ keytool -export -keystore MZstack.jks -file ./MZstack.cer

    The certificate file can now be distributed to the other peers.


  3. Install a Diameter node certificate in the MZstack keystore:

    $ keytool -import -alias "peerTLS" -file peerTLS.cer -keystore MZstack.jks


  4. Enter the keystore path and the keystore password in the Diameter Stack configuration.
      

  5. From the Peer Table in the Diameter Routing profile configuration, select the TCP/TLS protocol for the peer with which you want to establish a secure connection.

TLS Configuration Properties

You can control the handling of unrecognized certificates by setting the Execution Context property mz.diameter.tls.accept_all.

...

Check the certificate. If you trust it, import it into the keystore by using the Java standard keytool command. For further information, see the standard Java documentation.
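
One way to script the check-then-import step above together with step 3 of the procedure, as an added example that is not part of the original documentation: the peer certificate is imported only when its SHA-256 fingerprint matches a value obtained out of band. The aliases, distinguished names, the STOREPASS and RUN_DEMO variables and the temporary paths are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Aliases, DNs, password and paths are constructed.
set -eu

# Normalize a fingerprint: drop colons/whitespace, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \r\n' | tr 'a-f' 'A-F'; }

# Read `keytool -printcert` output on stdin, print the normalized SHA-256 fingerprint.
parse_sha256() {
  norm_fp "$(sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)"
}

# Import a peer certificate only if its fingerprint equals the value obtained
# out of band. STOREPASS comes from the environment, so it stays out of `ps`.
import_if_trusted() {   # $1 keystore, $2 alias, $3 cert file, $4 expected fingerprint
  actual=$(keytool -printcert -file "$3" | parse_sha256)
  if [ -z "$actual" ] || [ "$actual" != "$(norm_fp "$4")" ]; then
    echo "refusing to import $3: SHA-256 fingerprint '$actual' does not match" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$2" -file "$3" \
    -keystore "$1" -storepass:env STOREPASS >/dev/null 2>&1
}

# Create a keystore holding one RSA key pair; key password = keystore password.
make_keystore() {   # $1 keystore file, $2 alias
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -alias "$2" \
    -dname "CN=$2" -keystore "$1" \
    -storepass:env STOREPASS -keypass:env STOREPASS >/dev/null 2>&1
}

# End-to-end run in a temp directory; prints "imported" then "rejected".
demo() {
  dir=$(mktemp -d); export STOREPASS='constructed-demo-pass'
  make_keystore "$dir/MZstack.jks" mzstack
  make_keystore "$dir/peer.jks" peerTLS        # stands in for the remote peer
  keytool -exportcert -alias peerTLS -keystore "$dir/peer.jks" \
    -storepass:env STOREPASS -file "$dir/peerTLS.cer" >/dev/null 2>&1
  fp=$(keytool -printcert -file "$dir/peerTLS.cer" | parse_sha256)  # really: sent out of band
  import_if_trusted "$dir/MZstack.jks" peerTLS "$dir/peerTLS.cer" "$fp" && echo imported
  import_if_trusted "$dir/MZstack.jks" other "$dir/peerTLS.cer" "00:11" 2>/dev/null || echo rejected
  rm -rf "$dir"
}

if [ "${RUN_DEMO:-}" = 1 ]; then demo; fi
```

Run it with `RUN_DEMO=1` and a JDK on the PATH to execute the end-to-end demo.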

