
SSL/TLS Connection Security

Introduction

The server library can serve connections secured with the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS). Currently, server-side authentication and encryption are supported: the server library authenticates itself to the client using an X.509 public key certificate, which is also used to produce the symmetric key for session encryption. If the certificate provided to the library meets certain standards, it can guarantee the same level of security as web servers serving content over HTTPS.

Usage

Creating a server capable of SSL/TLS secured connections requires providing a certificate, together with the associated CA certificates and the private key, in a PKCS#12 archive file with a .pfx or .p12 extension. The certificate file may be password protected. The certificate is passed to the server library via the tls.certificate-file command, set in the ExtendedParameters parameter of the appropriate protocol's InitializeServer method.


string ep = "tls.certificate-file=smscs.pfx";

// [...]

int result = serverSMPP.smppInitializeServer("", 2048, ep);

if(result == 0) {
  // Server initialized correctly, awaiting client connections
} else {
  // Error initializing server
}

If the certificate is password protected, it may be necessary to provide the password using the tls.certificate-password parameter.

Creating Test Certificate

A self-signed certificate can be used to test SSL/TLS secured connectivity. A test certificate can be created using the makecert.exe and pvk2pfx.exe command-line utilities as shown below:

makecert.exe -r -pe -n "CN=localhost" -sv smscs.pvk smscs.cer


pvk2pfx.exe -pi "" -pvk smscs.pvk -spc smscs.cer -pfx smscs.pfx

Such a certificate is not signed by a trusted Certificate Authority (CA) chain and cannot be validated, so the client library accepts it only when tls.checks=0 is set.
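
The following is an added example, not part of the library's documentation: it builds a comparable test certificate with the built-in Windows PowerShell PKI cmdlets and then inspects the resulting PKCS#12 file before it is handed to the server. The function name Get-PfxSummary, the password value, the 30-day lifetime and the rule that the archive should hold exactly one certificate with a private key are assumptions of this example.

```powershell
# Added example. smscs.pfx and CN=localhost follow the page; the password,
# lifetime and the checks at the end are constructed for illustration.
function Get-PfxSummary {
    param([Parameter(Mandatory)][string]$Path, [securestring]$Password)

    $plain = if ($Password) { [System.Net.NetworkCredential]::new('', $Password).Password } else { '' }
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    # Import throws if the file is not valid PKCS#12 or the password is wrong.
    # Resolve-Path is needed because .NET ignores the PowerShell working directory.
    $certs.Import((Resolve-Path $Path).Path, $plain, $flags)

    foreach ($c in $certs) {
        [pscustomobject]@{
            Subject       = $c.Subject
            Issuer        = $c.Issuer
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
            # Heuristic: subject equals issuer, so there is no CA chain to validate.
            SelfSigned    = ($c.Subject -eq $c.Issuer)
        }
    }
}

# Create a throwaway certificate in the current user's store, export it as
# PKCS#12, then remove it (and its key) from the store again.
$pw   = ConvertTo-SecureString 'example-only' -AsPlainText -Force
$cert = New-SelfSignedCertificate -DnsName 'localhost' `
            -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddDays(30)
Export-PfxCertificate -Cert $cert -FilePath .\smscs.pfx -Password $pw | Out-Null
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

# Inspect what the server library would be given.
$summary = @(Get-PfxSummary -Path .\smscs.pfx -Password $pw)
$summary | Format-Table -AutoSize

# Assumed pre-flight rules: one certificate with a private key, not expired.
$withKey = @($summary | Where-Object HasPrivateKey)
if ($withKey.Count -ne 1) {
    throw "Expected exactly one certificate with a private key, found $($withKey.Count)"
}
if ($withKey[0].NotAfter -lt (Get-Date)) { throw 'Server certificate has expired' }
if ($withKey[0].SelfSigned) {
    Write-Warning 'Self-signed: clients accept it only with tls.checks=0 (test use).'
}
```

Because this file is password protected, the same password would also have to be supplied to the server through tls.certificate-password.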

See Also

smppInitializeServer