Versions Compared

Version Old Version 2 New Version Current
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Diameter protocol communication can be protected by using Transport Layer Security, TLS.

TLS Configuration

TLS requires a keystore file that is generated by using the Java standard command keytool. For further information about the keytool command, see the JDK product documentation.

Info
titleExample - TLS Configuration

  1. To Create a keystore:

    Code Block
    languagetext
    themeEclipse
    $ keytool -genkey -keyalg RSA -keystore MZstack.jks

    Keytool prompts for required information such as identity details and password. Note that the keystore password  must  be the same as the key password.


  2. Generate the certificate:

    Code Block
    languagetext
    themeEclipse
    $ keytool -export -keystore MZstack.jks -file ./MZstack.cer

    The certificate file can now be distributed to the other peers.


  3. Install a diameter node certificate in the MZstack keystore:

    Code Block
    languagetext
    themeEclipse
    $ keytool -import -alias "peerTLS" -file peerTLS.cer -keystore MZstack.jks


  4. Enter the keystore path and the keystore password in the Diameter Stack configuration.
      

  5. From the Peer Table, in the Diameter Routing profile configuration select the TCP/TLS protocol for the peer with which you want to establish a secure connection. 

TLS Configuration Properties

You can control the handling of unrecognized certificates by setting the Execution Context property mz.diameter.tls.accept_all.

...

If the property is set to false (default), the Diameter Stack agent does not accept any non-trusted certificates. If it is set to true, the Diameter Stack agent accepts any certificate.

In either case, any unrecognized certificate will be logged in an entry in the System Log (in PEM format).

Check the certificate. If you trust it, import it into the keystore by using the Java standard  keytool command. For further information, see the standard Java documentation.


Scroll ignore
scroll-viewportfalse
scroll-pdftrue
scroll-officefalse
scroll-chmtrue
scroll-docbooktrue
scroll-eclipsehelptrue
scroll-epubtrue
scroll-htmlfalse


Next:


Scroll pagebreak