IBM WebSphere IP Multimedia Subsystem Connector, Version 6.2

Configuring channel security

You can enable Transport Layer Security (TLS) by modifying the properties file for the Rf accounting Web service, Ro online charging Web service, or Sh subscriber profile Web service.

About this task
The inbandSecurityPolicy property is in the Diameter_Rf.properties, Diameter_Ro.properties, and Diameter_Sh.properties files.

Before establishing a connection to a remote Diameter peer using TLS, the WebSphere® Application Server and the remote Diameter peer must perform a certificate exchange. The Diameter protocol requires mutual authentication between the Diameter peers, which is a two-step process: the WebSphere Application Server exports a signer certificate and the Diameter peer imports it into the keystore; the Diameter peer exports the signer certificate and the WebSphere Application Server imports it into the keystore.

The installation process creates a new SSL configuration object called Diameter that is associated with the TLS channel that is part of the SecureDiameterChain channel chain. By default, the SSL configuration called Diameter is set up to use the NodeDefaultKeyStore and NodeDefaultTrustStore.
Note: In case of a clustered installation, repeat these steps for each node in the cluster.
  1. Open Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties. The files are in the following location:
    • AIX, Linux, Solaris: was_profile_root/properties
    Note: was_profile_root is the directory for a WebSphere Application Server Network Deployment profile called profile_name. By default, this directory is:
    • AIX: /usr/IBM/WebSphere/AppServer/profiles/profile_name
    • Linux: /opt/IBM/WebSphere/AppServer/profiles/profile_name
    • Solaris: /opt/IBM/WebSphere/AppServer/profiles/profile_name

    For example, profile_name is AppSrv01 in a standalone environment, or Custom01, the name of a federated node profile, in a clustered environment.

  2. Set the value for inbandSecurityPolicy.
    • To enable TLS on a specific connection, set the value for the property to 1.
    • To disable TLS on a specific connection, set the value for the property to 0.
  3. Save and close Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties.
  4. Restart the Rf accounting Web service, Ro online charging Web service, or Sh subscriber profile Web service.
What to do next
Note: If you enable TLS, the WebSphere Application Server must support the inbound signer key certificate.
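
To confirm the result of steps 1 to 3 on a node, the following added example (not part of the IBM documentation or product) reports the inbandSecurityPolicy value found in each of the three properties files. It assumes standard Java properties syntax (key=value or key:value); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inbandSecurityPolicy for each Diameter properties file.

# Print the effective value of inbandSecurityPolicy in a Java properties file.
# Commented-out lines (# or !) do not match; the last assignment wins.
# Prints nothing when the key is absent.
inband_policy() {
    sed -n 's/^[[:space:]]*inbandSecurityPolicy[[:space:]]*[=:][[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Check the three files named on this page inside one properties directory.
# Returns 0 only if every file that exists sets the property to 1.
audit_diameter_tls() {
    dir=$1
    rc=0
    for name in Diameter_Rf Diameter_Ro Diameter_Sh; do
        f="$dir/$name.properties"
        if [ ! -f "$f" ]; then
            echo "$name.properties: not present"
            continue
        fi
        val=$(inband_policy "$f")
        case "$val" in
            1)  echo "$name.properties: TLS enabled" ;;
            0)  echo "$name.properties: TLS disabled"; rc=1 ;;
            "") echo "$name.properties: inbandSecurityPolicy not set"; rc=1 ;;
            *)  echo "$name.properties: unexpected value '$val'"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample directory (not real configuration), used when no
# directory is given on the command line.
make_sample() {
    d=$(mktemp -d)
    printf '# Rf accounting\ninbandSecurityPolicy=1\n' > "$d/Diameter_Rf.properties"
    printf 'inbandSecurityPolicy = 0\r\n' > "$d/Diameter_Ro.properties"
    printf '#inbandSecurityPolicy=1\n' > "$d/Diameter_Sh.properties"
    echo "$d"
}

target=${1:-$(make_sample)}
audit_diameter_tls "$target" ||
    echo "Review: not every file sets inbandSecurityPolicy to 1"
```

Pass was_profile_root/properties as the first argument; for a clustered installation, run it on each node.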



(C) Copyright IBM Corporation 2009. All Rights Reserved.