The Probe for Huawei U2000 3GPP (CORBA) supports Secure Sockets Layer (SSL) connections between the probe and the EMS server. SSL connections provide additional security when the probe retrieves alarms from the EMS.
To enable SSL connections, obtain the required SSL certificates and the Trusted Authority certificate from the EMS vendor, Huawei Technologies. Add the certificates to a local Java™ keystore so that they can be referenced by the KeyStore property.
- The OpenSSL toolkit.
This is available from http://www.openssl.org/.
- The IBM® KeyMan utility.
This is available from http://www.alphaworks.ibm.com/tech/keyman/download.
Creating the SSL keystore and truststore
- Convert the server certificate to
PKCS12format using the following OpenSSL toolkit command:
openssl pkcs12 -export -inkey server_key.pem -in server_ca.cer -out server_ca.pkcs12
- Create the keystore using the KeyMan utility:
- Start the KeyMan utility.
- Click Create New and select the Keystore token option.
- Click server_ca.pkcs12 file
that you created in step 1.
This imports the
keyEntryinto the keystore.
and choose the
- Click server_ca.cer certificate.
This imports the server certificate into the keystore.
and choose the
- Click client_ca.cer certificate.
This imports the client certificate into the keystore.
- Click trusted_keystore.jks. and enter a password and name for the keystore, for example
Enabling SSL connections
- Configure the probe connection methods to use the Naming service by configuring the Naming service host and port or Naming service IOR file.
- Set the EnableSSL property
to true.When the EnableSSL property is set to true, the following properties are enabled:
- Use the KeyStore property to specify the location of the keystore file trusted_keystore.jks.
- Use the KeyStorePassword property to specify a password for the keystore.
- Encrypt the keystore file password (if required) using the encryption utility supplied with Netcool/OMNIbus. See Encrypting passwords.