11.3.2 Peer Node Configuration

Perform the following procedure to enable DESS (Diameter End-to-End Security) in the peer node:

Note:

The DESS feature is disabled by default.

1. Log in to the active SOAM (Service Operations, Administration, and Maintenance) GUI.
2. From the Main Menu, navigate to Diameter, Configuration, Peer Nodes, and then click Insert.
3. Select the Enable DESS Feature check box.
4. Upload the CA CERT.
5. Upload the Public Certificate.

   Note:

   Certificates must be in .pem format.
6. Select a DESS algorithm from the dropdown menu:
   1. RSA_SHA_256
   2. EC_DSA_SHA_256
   3. DSA_SHA_256
7. If signature verification fails for the peer node, select one of the following options from the Action on Verification Failure dropdown menu:
   1. "Send Error": The DSR returns a Diameter answer message with result code 5012: UNABLE_TO_COMPLY.
   2. "Silently Discard Error": The system discards the received message without any further action.
8. Click Apply.

   Note:

   Upon applying, the GUI verifies the certificates and displays an error if the public certificate is not issued by the CA certificate or if the public and private certificate do not match.
   .

   Figure 11-5 Peer Node Configuration