You can enable transport layer security by modifying the properties
file for Rf accounting Web service, Ro online charging Web service,
or Sh subscriber profile Web service.
About this task
The inbandSecurityPolicy property is in the Diameter_Rf.properties, Diameter_Ro.properties, and Diameter_Sh.properties files. Prior to establishing a connection to a remote Diameter peer using TLS, the WebSphere® Application Server and the remote Diameter peer must perform a certificate exchange. The Diameter protocol requires mutual authentication between the Diameter peers, which is a two-step process: the WebSphere Application Server exports a signer certificate and the Diameter peer imports it into the keystore; the Diameter peer exports the signer certificate and the WebSphere Application Server imports it into the keystore. The installation process creates a new SSL configuration object called Diameter that is associated with the TLS channel that is part of the SecureDiameterChain channel chain. By default, the SSL configuration called Diameter is set up to use the NodeDefaultKeyStore and NodeDefaultTrustStore.
Note: In case of a clustered installation, repeat these steps for each node in the cluster.
- Open Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties. The files are in the following location:
  was_profile_root/properties
  Note: was_profile_root is the directory for a WebSphere Application Server Network Deployment profile called profile_name. By default, this directory is:
/usr/IBM/WebSphere/AppServer/profiles/profile_name
/opt/IBM/WebSphere/AppServer/profiles/profile_name
For example, AppSrv01 in a standalone environment, or Custom01
as the name of a federated node profile, in a clustered environment.
- Set the value for inbandSecurityPolicy.
  - To enable TLS on a specific connection, set the value for the property to 1.
  - To disable TLS on a specific connection, set the value for the property to 0.
- Save and close Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties.
- Restart Rf accounting Web service, Ro online charging Web service, or Sh subscriber profile Web service.
What to do next
Note: If you enable TLS, the WebSphere Application Server must
support the inbound signer key certificate.
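
Because the steps must be repeated on every node of a cluster, a quick check of the resulting value in each file is useful. The following shell functions are an added example, not part of the IBM documentation: they assume standard Java properties syntax in which the last uncommented assignment takes effect, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM-supplied): audit inbandSecurityPolicy in the three
# Diameter properties files under <was_profile_root>/properties.

# Print the effective (last uncommented) inbandSecurityPolicy value in file $1.
# Accepts "key=value" and "key: value" forms; ignores trailing CR/whitespace.
policy_value() {
    sed -n 's/^[[:space:]]*inbandSecurityPolicy[[:space:]]*[=:][[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# Audit directory $1. Returns 0 if every file present has the value 1,
# 1 if any present file is 0, unset or invalid, 2 if none of the files exist.
audit_diameter_tls() {
    dir=$1; rc=0; seen=0
    for f in Diameter_Rf.properties Diameter_Ro.properties Diameter_Sh.properties; do
        if [ ! -f "$dir/$f" ]; then
            echo "$f: not present, skipped"
            continue
        fi
        seen=$((seen + 1))
        v=$(policy_value "$dir/$f")
        case "$v" in
            1)  echo "$f: TLS enabled" ;;
            0)  echo "$f: TLS DISABLED"; rc=1 ;;
            "") echo "$f: inbandSecurityPolicy not set"; rc=1 ;;
            *)  echo "$f: unexpected value '$v'"; rc=1 ;;
        esac
    done
    [ "$seen" -gt 0 ] || return 2
    return "$rc"
}

# Constructed sample: writes three files into directory $1 for a dry run.
make_sample() {
    printf '# comment\ninbandSecurityPolicy=0\ninbandSecurityPolicy = 1\n' > "$1/Diameter_Rf.properties"
    printf '#inbandSecurityPolicy=1\ninbandSecurityPolicy=0\r\n' > "$1/Diameter_Ro.properties"
    printf 'someOtherProperty=x\n' > "$1/Diameter_Sh.properties"
}

# Usage: sh audit.sh /path/to/was_profile_root/properties
if [ "$#" -ge 1 ]; then audit_diameter_tls "$1"; fi
```

A non-zero exit status on any node means at least one Diameter properties file there does not have TLS enabled.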