11.3.2 Peer Node Configuration

Perform the following procedure to enable DESS (Diameter End-to-End Security) in the peer node:

Note:

By default, the DESS feature is disabled.
  1. Log in to the active SOAM (Service Operations, Administration, and Maintenance) GUI.
  2. From the Main Menu, navigate to Diameter, Configuration, Peer Nodes, and then click Insert.
  3. Select the Enable DESS Feature check box.
  4. Upload CA CERT.
  5. Upload Public Certificate.

    Note:

    Certificates must be in .pem format.
  6. Select the required DESS algorithm from the dropdown menu:
    1. RSA_SHA_256
    2. EC_DSA_SHA_256
    3. DSA_SHA_256
  7. From the Action on Verification Failure dropdown menu, select the action to take if signature verification fails for the peer node:
    1. "Send Error": DSR returns a Diameter answer message with result code 5012: UNABLE_TO_COMPLY.
    2. "Silently Discard Error": The system silently drops the received message without taking any further action.
  8. Click Apply.

    Note:

    When you click Apply, the GUI verifies the certificates and throws an error if the public certificate is not issued by the CA certificate or if the public and private certificates do not form a pair.

    Figure 11-5 Peer Node Configuration
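
A pre-upload check for steps 4 to 8, as an added example that is not part of the original page or of DSR: it uses the openssl command line to confirm that both files are PEM, that the public certificate is issued by the CA certificate, and that the certificate's key type fits the selected DESS algorithm. The algorithm-to-key-type mapping, the file names and the throwaway sample certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Key type implied by a DESS algorithm name. Assumption: it must match the cert key.
expected_key_type() {
    case "$1" in
        RSA_SHA_256)    echo RSA ;;
        EC_DSA_SHA_256) echo EC ;;
        DSA_SHA_256)    echo DSA ;;
        *)              return 1 ;;
    esac
}

# Succeeds only for a PEM-encoded X.509 certificate.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Prints RSA, EC, DSA or UNKNOWN for the certificate's public key.
cert_key_type() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Public Key Algorithm:/ && /rsaEncryption/  { t = "RSA" }
        /Public Key Algorithm:/ && /id-ecPublicKey/ { t = "EC" }
        /Public Key Algorithm:/ && /dsaEncryption/  { t = "DSA" }
        END { print (t ? t : "UNKNOWN") }'
}

# check_dess_certs CA CERT ALG: names the first failing check, returns 0 if all pass.
check_dess_certs() {
    want=$(expected_key_type "$3") || { echo "unknown algorithm"; return 2; }
    is_pem_cert "$1" || { echo "CA certificate is not PEM"; return 1; }
    is_pem_cert "$2" || { echo "public certificate is not PEM"; return 1; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "public certificate not issued by CA"; return 1; }
    [ "$(cert_key_type "$2")" = "$want" ] || { echo "key type does not fit $3"; return 1; }
    echo "OK"
}

# Constructed sample data: throwaway RSA CA and peer certificate in directory $1.
make_sample_certs() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Sample CA" -days 2 &&
      openssl req -newkey rsa:2048 -nodes -keyout peer.key -out peer.csr \
          -subj "/CN=peer.example.com" &&
      openssl x509 -req -in peer.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out peer.pem -days 2 ) >/dev/null 2>&1
}

if [ "$#" -eq 3 ]; then check_dess_certs "$@"; fi
```

Run it as `sh check_dess.sh ca.pem peer.pem RSA_SHA_256` (hypothetical script name); a non-zero exit status names the first check that the upload would be expected to fail.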

