Signed TLS certificates are not available from Ribbon. If the service provider does not perform this function, a third-party certificate authority can be used at your expense.
However, Ribbon can provide debugging tools on request (refer to Sales).
Ribbon also provides the following files:
The third-party certificate authority is supposed to provide the following files:
There are a number of variations of certificate-based authentication. The DSC Platform supports X.509 certificate exchange, the same certificate format used for Web certificates.
During the TLS handshake, the authentication exchange includes the node's certificate, which is validated against the local copy of the Certificate Authority (CA) certificate. If the certificate decodes and validates, its contents include (among other things) the validity dates, the signing information, and the Distinguished Name (DN). This DN becomes the Diameter ID of the ADN (or of our local node, when our certificate is sent to the peer).
Certificates generally scale better for large installations, because each node only needs to contact a CA to obtain its own authentication certificate and the CA certificate.
The DSC Platform supports two-way authentication where the server sends its certificate and requests a certificate from the client.
An incoming connection is treated as the client side for the purposes of the TLS handshake. Similarly, an outgoing connection from the DSC Platform is treated as a client connection for TLS.
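As an added example, not part of the Ribbon documentation and not the DSC Platform's own code, the validation step described above in Go: the certificate a peer presents is checked against the locally held CA certificate (chain, validity dates, client-auth usage), and only on success is its Distinguished Name returned for use as the peer's Diameter ID. The CA and node certificates, their names and their dates are constructed in memory for the demonstration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// newCert builds a P-256 certificate for cn (constructed names/dates): a self-signed CA when parent is nil, else a node cert signed with parentKey.
func newCert(serial int64, cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), BasicConstraintsValid: true,
		Subject:     pkix.Name{Organization: []string{"Example"}, CommonName: cn},
		NotBefore:   time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:    time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}}
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	signer := key
	if parent == nil { // CA: may sign certificates but is not itself a node identity
		t.IsCA, t.KeyUsage, t.ExtKeyUsage, parent = true, x509.KeyUsageCertSign, nil, t
	} else {
		t.KeyUsage, signer = x509.KeyUsageDigitalSignature, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// PeerDiameterID validates the peer's handshake certificate against the local CA certificate
// (chain, validity at now, client-auth usage) and only then returns its DN as the peer's Diameter ID.
func PeerDiameterID(peer, ca *x509.Certificate, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := peer.Verify(opts); err != nil {
		return "", fmt.Errorf("peer certificate rejected: %w", err)
	}
	return peer.Subject.String(), nil
}
func main() {
	ca, caKey := newCert(1, "ca.example.net", nil, nil)
	node, _ := newCert(2, "dsc1.example.net", ca, caKey)
	fmt.Println(PeerDiameterID(node, ca, time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC))) // accepted: DN is the Diameter ID
	fmt.Println(PeerDiameterID(node, ca, time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC))) // rejected: outside validity dates
}
```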