SSL-based connectivity

The Generic Probe for the 3GPP Interface (CORBA) supports Secure Sockets Layer (SSL) connections between the probe and the EMS server. SSL connections provide additional security when the probe retrieves alarms from the EMS.

To enable SSL connections, obtain the required SSL certificates and the Trusted Authority certificate from the EMS vendor. Add the certificates to a local Java™ keystore so that they can be referenced by the KeyStore property.

Prerequisites

To create the keystore, ensure you have the following software installed:

You must also obtain the client and server certificates, client_ca.cer and server_ca.cer, and the server key pair, server_key.pem, from vendor.

Creating the SSL keystore

To create a Java keystore, follow these steps:
  1. Convert the server certificate to PKCS12 format using the following OpenSSL toolkit command:

    openssl pkcs12 -export -inkey server_key.pem -in server_ca.cer -out server_ca.pkcs12

  2. Create the keystore using the KeyMan utility:
    1. Start the KeyMan utility.
    2. Click Create New and select the Keystore token option.
    3. Click File > Import and choose the server_ca.pkcs12 file that you created in step 1.

      This imports the keyEntry into the keystore.

    4. Click File > Import and choose the server_ca.cer certificate.

      This imports the server certificate into the keystore.

    5. Click File > Import and choose the client_ca.cer certificate.

      This imports the client certificate into the keystore.

    6. Click File > Save and enter a password and name for the keystore, for example trusted_keystore.jks.

Enabling SSL connections

To enable SSL-based connections between the probe and the 3GPP interface, follow these steps:
  1. Set the EnableSSL property to true.
    When the EnableSSL property is set to true, the following properties are enabled:
    • KeyStore
    • KeyStorePassword
    • SecurityProtocol
  2. Use the KeyStore property to specify the location of the keystore file trusted_keystore.jks.
  3. Use the KeyStorePassword property to specify a password for the keystore.
  4. Encrypt the keystore file password using the nco_g_crypt utility.