TLS Configuration
TLS Configuration Properties describes the Transport Layer Security (TLS) configuration properties for External Diameter Gateway.
Property | Type | Default | Description |
---|---|---|---|
gateway.configuration.diameter.tls.enable | Boolean | False | If true, the Diameter connection is established with TLS. |
gateway.configuration.diameter.tls.selfSignedCert | Boolean | False | If false, the TLS connection is established with the key and certificate files from the gateway.configuration.diameter.tls.certFile and gateway.configuration.diameter.tls.keyFile parameters. |
gateway.configuration.diameter.tls.certFile | String | /opt/mtx/conf/keystore/diameter/tls.crt | The path to the certificate file, used if gateway.configuration.diameter.tls.selfSignedCert is false. |
gateway.configuration.diameter.tls.keyFile | String | /opt/mtx/conf/keystore/diameter/tls.key | The path to the key file, used if gateway.configuration.diameter.tls.selfSignedCert is false. |
gateway.configuration.engine.tls.enable | Boolean | False | If true, the engine connection is established with TLS. |
gateway.configuration.engine.tls.insecureSkipVerify | Boolean | False | If false, the TLS connection is validated with the certificate file from the gateway.configuration.engine.tls.caFile parameter. |
gateway.configuration.engine.tls.caFile | String | /opt/mtx/conf/keystore/engine/ca.crt | The path to the certificate file, used if gateway.configuration.engine.tls.insecureSkipVerify is false. |
gateway.configuration.engine.callback.tls.enable | Boolean | False | If true, the engine callback connection is established with TLS. |
gateway.configuration.engine.callback.tls.selfSignedCert | Boolean | False | If false, the TLS connection is established with the key and certificate files from the gateway.configuration.engine.callback.tls.certFile and gateway.configuration.engine.callback.tls.keyFile parameters. |
gateway.configuration.engine.callback.tls.certFile | String | /opt/mtx/conf/keystore/engine/tls.crt | The path to the certificate file, used if gateway.configuration.engine.callback.tls.selfSignedCert is false. |
gateway.configuration.engine.callback.tls.keyFile | String | /opt/mtx/conf/keystore/engine/tls.key | The path to the key file, used if gateway.configuration.engine.callback.tls.selfSignedCert is false. |
global.tls.secretName.engine | String | diameter-gateway-engine-tls | The Kubernetes Secret name for the engine connection. |
global.tls.secretName.diameter | String | diameter-gateway-tls | The Kubernetes Secret name for the Diameter connection. |

For External Diameter Gateway connections with TLS, you must create a Kubernetes Secret to load certificate and key
files into the pod. External Diameter Gateway looks up the secret name and, by default, mounts it on
/opt/mtx/conf/keystore. For example:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: diameter-gateway-tls
type: kubernetes.io/tls
data:
  tls.crt: {{ .Files.Get "certs/diameter/tls.crt" | b64enc }}
  tls.key: {{ .Files.Get "certs/diameter/tls.key" | b64enc }}
```

For MATRIXX Engine connections with TLS, you must create a Kubernetes Secret to load certificate and key files
into the pod. External Diameter Gateway looks up the secret name and, by default, mounts it on
/opt/mtx/conf/keystore/engine. For example:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: diameter-gateway-engine-tls
type: kubernetes.io/tls
data:
  ca.crt: {{ .Files.Get "certs/engine/ca.crt" | b64enc }}
  tls.crt: {{ .Files.Get "certs/engine/tls.crt" | b64enc }}
  tls.key: {{ .Files.Get "certs/engine/tls.key" | b64enc }}
```
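
The following Python check is an added example, not part of the product documentation. It audits a values structure against the properties in the table above and reports connections that would be established without TLS, that would not use the configured certificate, key or CA files, or whose file paths fall outside the default mount path. The nested layout of the sample values, the function names and the finding texts are assumptions.

```python
import posixpath

# Added example: property names, defaults and the mount path come from this page;
# the nested layout of SAMPLE_VALUES and the finding texts are assumptions.
KEYSTORE = "/opt/mtx/conf/keystore"  # default Secret mount path per the page
CONNECTIONS = {  # connection: (flag that must stay false, {file property: default})
    "diameter": ("selfSignedCert", {"certFile": KEYSTORE + "/diameter/tls.crt",
                                    "keyFile": KEYSTORE + "/diameter/tls.key"}),
    "engine": ("insecureSkipVerify", {"caFile": KEYSTORE + "/engine/ca.crt"}),
    "engine.callback": ("selfSignedCert", {"certFile": KEYSTORE + "/engine/tls.crt",
                                           "keyFile": KEYSTORE + "/engine/tls.key"}),
}

def flatten(node, prefix=""):
    """Turn nested mappings into {"dotted.property.name": value}."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def audit(values):
    """Return (property, finding) pairs for TLS settings that need review."""
    props = flatten(values)
    findings = []
    for conn, (flag, files) in CONNECTIONS.items():
        base = f"gateway.configuration.{conn}.tls."
        if props.get(base + "enable", False) is not True:
            findings.append((base + "enable", "connection is established without TLS"))
            continue
        if props.get(base + flag, False) is not False:
            findings.append((base + flag, "files from " + "/".join(files) + " are not used"))
            continue
        for name, default in files.items():
            path = posixpath.normpath(str(props.get(base + name, default)))
            if not path.startswith(KEYSTORE + "/"):
                findings.append((base + name, f"{path} is outside {KEYSTORE}"))
    return findings

# Constructed sample: engine TLS on but unvalidated; engine callback left at default (off).
SAMPLE_VALUES = {"gateway": {"configuration": {
    "diameter": {"tls": {"enable": True}},
    "engine": {"tls": {"enable": True, "insecureSkipVerify": True}},
}}}
if __name__ == "__main__":
    print("\n".join(f"{p}: {why}" for p, why in audit(SAMPLE_VALUES)))
```
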