Add encryption option to connectors


Some of the IP servers in Diafaan SMS Server, like the HTTP server in the Web Connector and the SMPP server in the SMPP Connector, support encrypted SSL connections. These servers can use an X509 (OpenSSL) certificate that is stored in a password-protected .pfx file. For optimal security and compatibility, the certificate must be signed by a trusted root certificate authority and be issued for the host name or IP address of the server where Diafaan SMS Server is installed. A self-signed certificate can also be used if the SSL clients accept it, but some SSL clients only accept connections to servers with a properly signed certificate and an exact host name match.


Diafaan SMS Server can generate a self-signed certificate for test purposes or for cases where encryption without secure server identification is sufficient. To create the certificate file, select the menu option Help-Create SSL certificate, fill in the Host name or IP address and the password of the certificate file, and select Save.




To enable encryption, the certificate file has to be added to the connector. In the example below there are three properties that must be set in the advanced settings of the SMPP Connector: SSLCertificate, SSLCertificatePassword and SSLProtocols:


The SSLCertificate property is set to the full path and file name of the certificate file. Since this file is password protected, the SSLCertificatePassword property must also be set.


The SSLProtocols setting is set to the list of SSL protocols that clients can use for their connections. Using only TLS 1.2 is the most secure option, but some clients might only work with older SSL protocols. Not all versions of Windows and .NET support all the protocols, so you can test with different settings to find out which protocols work in a specific installation.


When the certificate is installed correctly, the connector accepts only secure connections from clients.
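
To confirm from the client side which protocol versions a connector accepts after SSLProtocols is changed, and whether its certificate passes strict verification, the following probe attempts one handshake per version. It is an added example, not part of Diafaan SMS Server or its documentation; the host, port and optional CA file (for instance a self-signed test certificate that you have exported to PEM yourself) are values you supply.

```python
import socket
import ssl
import sys

# Protocol versions to try, one handshake each.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version, cafile=None):
    """Verifying client context that offers exactly one protocol version.

    cafile: optional PEM file to trust in addition to the system store
    (assumption: a self-signed test certificate exported by the operator).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, cafile=None, timeout=5.0):
    """Return (status, detail) for one handshake pinned to `version`."""
    try:
        ctx = pinned_context(version, cafile)
    except ValueError as exc:  # local OpenSSL build cannot offer this version
        return ("client-unsupported", str(exc))
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # nothing listening, firewall, timeout
        return ("unreachable", str(exc))
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("accepted", tls.version())
    except ssl.SSLCertVerificationError as exc:  # untrusted CA or name mismatch
        return ("cert-rejected", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:  # version refused or connection dropped
        return ("handshake-failed", str(exc))


if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: probe.py HOST PORT [CA_PEM]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    for name, version in VERSIONS.items():
        print(name, *probe(host, port, version, cafile))
```

A `handshake-failed` result for TLS 1.0 or 1.1 can also come from the probing machine's own OpenSSL policy, so confirm it from a client that is known to allow those versions. A `cert-rejected` result against a self-signed certificate shows how strict clients will treat the connector.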