6 Manage Transport Layer Security Certificates

You can upload entity or trusted certificates to Oracle Communications Session Delivery Manager for east-west peer OCSDM server communication, and for southbound communication with network function (NF) devices.

Note:

This chapter does not discuss the importation or deletion of HTTPS certificates for the web service. These actions are handled through the OCSDM setup installation program. Refer to the Configure Web Server Security section in the Oracle Communications Session Delivery Manager Installation Guide for more information.

Trusted certificates use the X.509 cryptographic standard for security validation in a public key infrastructure (PKI), which binds public keys to their respective identities by means of a certificate that is either signed by a certificate authority (CA) or self-signed. The X.509 standard specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
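A pre-upload check for the distinction drawn above, as an added example that is not part of the Oracle documentation: it uses the OpenSSL command line (assumed to be installed) to tell a self-signed certificate from a CA-signed one, run path validation against a chosen anchor, and flag short remaining validity. The function names, file names and subject names are constructed, and nothing in it calls an OCSDM interface.

```shell
#!/bin/sh
# Added example: inspect a PEM certificate with OpenSSL before uploading it.
# Every name and file here is constructed; nothing below talks to OCSDM.

# True if subject == issuer and the signature verifies under the cert's own key.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -no-CApath -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# True if cert $1 passes path validation against trust anchor file $2
# (-no-CApath keeps the system CA directory out of the decision).
chains_to() { openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1; }

# True if cert $1 will not have expired $2 seconds from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

# classify_cert CERT ANCHOR [MIN_SECONDS] -> self-signed|ca-signed|untrusted|expiring
classify_cert() {
    valid_for "$1" "${3:-86400}" || { echo expiring; return 0; }
    if is_self_signed "$1"; then echo self-signed
    elif chains_to "$1" "$2"; then echo ca-signed
    else echo untrusted; fi
}

# Build constructed samples in directory $1: ca.pem and other.pem (unrelated
# self-signed CAs) and leaf.pem (issued by ca.pem). All live for 30 days.
make_samples() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
        '[dn]' 'CN=placeholder' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/req.cnf"
    for n in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -config "$1/req.cnf" -days 30 \
            -subj "/CN=constructed-$n" -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=peer.example.test" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/leaf.pem" -days 30 2>/dev/null
}

d=$(mktemp -d) && make_samples "$d"
echo "ca.pem:                $(classify_cert "$d/ca.pem" "$d/ca.pem")"
echo "leaf.pem vs ca.pem:    $(classify_cert "$d/leaf.pem" "$d/ca.pem")"
echo "leaf.pem vs other.pem: $(classify_cert "$d/leaf.pem" "$d/other.pem")"
echo "leaf.pem, 100 days:    $(classify_cert "$d/leaf.pem" "$d/ca.pem" 8640000)"
```

A `self-signed` verdict only describes how the certificate was signed; whether to trust it is still an operator decision.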

Note:

See the Configure Transport Layer Security Certificates section in the Custom Installation chapter of the Oracle Communications Session Delivery Manager Installation Guide for more information about generating and uploading an entity certificate for mutual authentication between a peer OCSDM server and southbound devices.

The transport layer security (TLS) feature provides a single secure sockets layer (SSL) keystore for entity or trusted certificates that are used to authenticate outbound SSL and southbound interface (SBI) transport layer security (TLS) communication to applications, product plugins, and their respective NF devices that run on Oracle Communications Session Delivery Manager.

OCSDM communicates with devices indirectly through the installed Oracle Communications Session Element Manager product plug-in. For example, this plug-in may use ACP (plaintext or with TLS), SNMP, SSH, and SFTP to communicate with devices. ACP itself provides no added security; enabling TLS for ACP is what adds it. Refer to the specifications of your NF devices (client) to determine if an NF device supports the SBI TLS feature.