Home
MATRIXX Security
Enabling Transport Layer Security
Transport Layer Security (TLS) provides secure internet connections by encrypting data sent between a browser, a website, and the website server to ensure that data is transmitted privately.
Enable TLS for MATRIXX Backoffice Customer Tool
Enable Transport Layer Security (TLS) connections for MATRIXX Backoffice Customer Tool with configuration changes and an alias for localhost.

Welcome
MATRIXX Release Notes
MATRIXX Architecture
MATRIXX Installation and Upgrade
MATRIXX Configuration
MATRIXX Security
- About MATRIXX Security
- Introduction to MATRIXX Cloud Native Security
  The information in MATRIXX Security is best-practice information and identifies MATRIXX-specific security considerations and implementations. For container-specific and Kubernetes security information, see the third-party documentation.
- Cloud Native Security
  The information here addresses cloud native security and includes recommendations for securing your cloud native implementation.
- Managing Certificates
  MATRIXX uses certificates signed by a trusted certificate authority, or validated by other means, to establish secure communications with another party with the corresponding private key.
- Enabling Transport Layer Security
  Transport Layer Security (TLS) provides secure internet connections by encrypting data sent between a browser, a website, and the website server to ensure that data is transmitted privately.
  - Enable TLS for MATRIXX Backoffice Customer Tool
    Enable Transport Layer Security (TLS) connections for MATRIXX Backoffice Customer Tool with configuration changes and an alias for localhost.
  - Enable TLS for Event Streaming Framework
    Enable Transport Layer Security (TLS) connections for Event Streaming Framework so that it can communicate with a TLS-enabled Kafka cluster.
  - Enable TLS for My MATRIXX
    Enable Transport Layer Security (TLS) connections for My MATRIXX with configuration changes and an alias for localhost.
  - Enable TLS for Notification Server
    Enable secure socket layer (TLS) connections for Notification Server so that it can communicate with an TLS-enabled RS Gateway.
  - Enable TLS for RS Gateway
    Enable Transport Layer Security (TLS) connections for RS Gateway with configuration changes and an alias for localhost.
  - Enable TLS for SBA Gateway
    Enable Transport Layer Security (TLS) connections for SBA Gateway with MATRIXX and Kubernetes cluster changes.
- Network Security
  Network zones are stacked with increasing proximity to the open internet or DMZ. Each zone is traversed by ingress and egress points through an application or server, with appropriate authentication and authorization for connecting system traffic.
- Application Security
  Application security includes configuring web applications and gateways.
- Database Security
  Depending on your MATRIXX environment, you can use multiple external databases.
- OAuth 2.0 Identity and Access Management
  MATRIXX supports third-party identity and access management application integration.
MATRIXX Integration
MATRIXX Diameter Integration
MATRIXX Call Control Framework Integration
MATRIXX TM Forum Integration
MATRIXX 5G Integration
MATRIXX 5G Event Streaming
MATRIXX Event Streaming
MATRIXX Administration
MATRIXX Web App Administration
MATRIXX Monitoring and Logging
MATRIXX Policy
MATRIXX Kafka CDR Consumer
MATRIXX Pricing and Rating
MATRIXX Pay Now
MATRIXX Subscriber Management
MATRIXX Subscriber Management API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
MATRIXX Third-Party Licenses
Glossary

Enable TLS for MATRIXX Backoffice Customer Tool

Enable Transport Layer Security (TLS) connections for MATRIXX Backoffice Customer Tool with configuration changes and an alias for localhost.

About this task

These steps assume a non self-signed certificate that accepts a host name alias with a host name that resolves to the IP address of the server running MATRIXX Backoffice Customer Tool. For more information about MATRIXX Backoffice Customer Tool security, see the discussion about application security.

Important: Only use certificates obtained from a reputable and trusted certificate authority.

Procedure

Configure the /opt/mtx/conf/webapps/matrixxbct/classes/config/application-default.yaml file.
For example (customize for your implementation):
```
server: 
    port: 6061 
    ssl: 
        enabled: true 
        key-store-type: PKCS12
        key-store: file:///keystore/keystore.p12 
        key-store-password: keystore-password
        key-alias: '*alias.com'
```
Where:
- port — The port number to access MATRIXX Backoffice Customer Tool. The default port for RS Gateway is 8080. Setting the port value is optional.
- enabled — Set to true to enable TLS.
- key-store-type — The format used for the keystore. Set to JKS for a JKS file.
- key-store — The path to the keystore containing the certificate.
- key-store-password — The password used to generate the certificate.
- key-alias — The key alias.
Note: If applications.yaml does not exist, create it with the following commands:
```
sudo mkdir -p /opt/mtx/conf/webapps/matrixxbct/classes/config 
sudo chown -R mtx:mtx /opt/mtx/conf/webapps/matrixxbct/classes/config 
vi application-default.yaml 
```
If TLS is also enabled for RS Gateway, then the other web apps that communicate with RS Gateway must set the correct URL. For MATRIXX Backoffice Customer Tool, add the following in /opt/mtx/conf/matrixxbct.yaml:
```
rsgateway: 
        url: url_for_rs_gateway
```
For example:
```
rsgateway: 
        url: https://rsgateway.alias.com:6060/rsgateway/data
```

Results

Verify if TLS has been successfully enabled. For example:

wget -d https://admin:[email protected]:6061/matrixxbct/home