SSL-based connectivity
The Generic Probe for the 3GPP Interface (CORBA) supports Secure Sockets Layer (SSL) connections between the probe and the EMS server. SSL connections provide additional security when the probe retrieves alarms from the EMS.
To enable SSL connections, obtain the required SSL certificates and the Trusted Authority certificate from the EMS vendor. Add the certificates to a local Java™ keystore so that they can be referenced by the KeyStore property.
Prerequisites
- The OpenSSL toolkit.
This is available from http://www.openssl.org/.
- The IBM® KeyMan utility.
This is available from http://www.alphaworks.ibm.com/tech/keyman/download.
You must also obtain the client and server certificates, client_ca.cer and server_ca.cer, and the server key pair, server_key.pem, from the vendor.
Creating the SSL keystore
- Convert the server certificate to PKCS12 format using the following OpenSSL toolkit command:
openssl pkcs12 -export -inkey server_key.pem -in server_ca.cer -out server_ca.pkcs12
- Create the keystore using the KeyMan utility:
- Start the KeyMan utility.
- Click Create New and select the Keystore token option.
- Click and choose the server_ca.pkcs12 file that you created in step 1.
This imports the keyEntry into the keystore.
- Click and choose the server_ca.cer certificate.
This imports the server certificate into the keystore.
- Click and choose the client_ca.cer certificate.
This imports the client certificate into the keystore.
- Click and enter a password and name for the keystore, for example trusted_keystore.jks.
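The PKCS12 conversion in step 1 can be wrapped in a pre-flight check so that a mismatched key and certificate are caught before anything is imported into the keystore. The following is an added example, not part of the original documentation or the probe's own tooling; it assumes PEM-encoded inputs, an unencrypted private key, and an export password held in an environment variable named P12_PASS (a hypothetical name).

```shell
#!/bin/sh
# Added example, not IBM's code. Assumes PEM inputs, an unencrypted private key,
# and the export password in the environment variable P12_PASS (hypothetical name).

# Return 0 if the private key ($1) and certificate ($2) hold the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Build the PKCS12 bundle ($3) from key ($1) and certificate ($2), then read it back.
export_pkcs12() {
    if [ -z "${P12_PASS:-}" ]; then
        echo "P12_PASS is not set" >&2
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "refusing to export: $1 does not match $2 (or unreadable)" >&2
        return 1
    fi
    # umask 077 in a subshell: the bundle contains the private key, so owner-only.
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
          -passout env:P12_PASS ) || return 1
    # Verify the bundle's integrity MAC with the same password; print nothing.
    openssl pkcs12 -in "$3" -passin env:P12_PASS -noout 2>/dev/null
}

# Usage: P12_PASS='...'; export P12_PASS
#        export_pkcs12 server_key.pem server_ca.cer server_ca.pkcs12
```

Passing the password through the environment keeps it out of the process argument list; the variable must be exported for openssl to read it.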
Enabling SSL connections
- Set the EnableSSL property to true.
When the EnableSSL property is set to true, the following properties are enabled:
- KeyStore
- KeyStorePassword
- SecurityProtocol
- Use the KeyStore property to specify the location of the keystore file trusted_keystore.jks.
- Use the KeyStorePassword property to specify a password for the keystore.
- Encrypt the keystore file password using the nco_g_crypt utility.