Configuring X-Header Encryption
Step 1 |
Configure the X-header insertion as described in Configuring X-Header Insertion. |
Step 2 |
Create or configure a rulebase, and the encryption certificate to use and the re-encryption parameter as described in Configuring X-Header Encryption. |
Step 3 |
Configure the encryption certificate to use as described in Configuring Encryption Certificate. |
Configuring X-Header Encryption
To configure X-header encryption, use the following configuration:
configure
active-charging service ecs_service_name
rulebase rulebase_name
xheader-encryption certificate-name certificate_name
xheader-encryption re-encryption period re-encryption_period
end
[/reference/refbody/section/p
{"p"}) NOTES: (p]-
This configuration enables X-header encryption for all subscribers using the specified rulebase.
-
If the certificate is removed, ECS continues using the copy that it has. The copy is set free once the certificate name is removed from the rulebase.
-
Changes to x-header format configuration won't trigger re-encryption for existing calls. The changed configuration will however, be applicable for new calls. The changed configuration will also apply at the next reencryption time to those existing calls for which reencryption timeout is specified. If encryption is enabled for a parameter while data is flowing, since its encrypted value won't be available, insertion of that parameter stops.
Configuring Encryption Certificate
To configure the encryption certificate, use the following configuration:
configure
certificate name certificate_name pem { { data pem_certificate_data private-key pem [ encrypted ] data pem_pvt_key } | { url url private-key pem { [ encrypted ] data pem_pvt_key | url url } }
end