SSL/TLS Connection Security
Introduction
The server library can serve connections secured with the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS). Currently, server-side authentication and encryption are supported: the server library authenticates itself to the client using an X.509 public key certificate, which is also used to produce the symmetric key for session encryption. If the certificate provided to the library meets certain standards, it can guarantee the same level of security as web servers serving content over HTTPS.
Usage
Creating a server capable of SSL/TLS secured connections requires providing a certificate, together with the associated CA certificates and the private key, in a PKCS#12 archive file with a .pfx or .p12 extension. The certificate file may be password protected. The certificate should be passed to the server library via the tls.certificate-file command, set among the ExtendedParameters parameter of the appropriate protocol's InitializeServer method.
string ep = "tls.certificate-file=smscs.pfx";
// [...]
int result = serverSMPP.smppInitializeServer("", 2048, ep);
if (result == 0) {
    // Server initialized correctly, awaiting client connections
} else {
    // Error initializing server
}
If the certificate is password protected then it may be necessary to provide the password using the tls.certificate-password parameter.
Creating Test Certificate
A self-signed certificate can be used for testing SSL/TLS secured connectivity. A test certificate can be created using the makecert.exe and pvk2pfx.exe command-line utilities as shown below:
makecert.exe -r -pe -n "CN=localhost" -sv smscs.pvk smscs.cer
pvk2pfx.exe -pi "" -pvk smscs.pvk -spc smscs.cer -pfx smscs.pfx
Such a certificate is not signed by a trusted Certificate Authority (CA) signature chain and cannot be validated as correct, so it requires setting tls.checks=0 to be accepted by the client library.
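Before passing a .pfx file to tls.certificate-file, it helps to confirm that the archive opens with the given password, contains the private key, is within its validity period, and whether it chains to a trusted root (a self-signed test certificate will not, which is the case that needs tls.checks=0 on the client). The following is an added example, not part of the server library; it uses only the standard .NET X509Certificate2 and X509Chain classes, and the class name PfxPreflight is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of the server library.
static class PfxPreflight
{
    // Exit code 0 when the archive is usable by a TLS server, 1 otherwise.
    static int Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "smscs.pfx"; // file name used on this page
        string password = args.Length > 1 ? args[1] : "";      // empty for an unprotected archive

        X509Certificate2 cert;
        try
        {
            cert = new X509Certificate2(path, password);
        }
        catch (CryptographicException ex)
        {
            Console.Error.WriteLine("Cannot open " + path + " (missing file, wrong password or not PKCS#12): " + ex.Message);
            return 1;
        }

        using (cert)
        using (var chain = new X509Chain())
        {
            if (!cert.HasPrivateKey)
            {
                Console.Error.WriteLine("No private key in the archive; the server cannot use it.");
                return 1;
            }
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
            {
                Console.Error.WriteLine("Certificate is outside its validity period (" + cert.NotBefore + " to " + cert.NotAfter + ").");
                return 1;
            }

            // Revocation lookups need network access, so they are skipped in this offline check.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool trusted = chain.Build(cert); // evaluated against this machine's certificate stores
            Console.WriteLine("Subject: " + cert.Subject);
            Console.WriteLine("Self-signed: " + (cert.Subject == cert.Issuer));
            Console.WriteLine("Chains to a trusted root on this machine: " + trusted);
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain status: " + s.Status + " " + s.StatusInformation.Trim());
            return 0;
        }
    }
}
```

The chain result reflects the trust stores of the machine running the check; a client with a different set of trusted roots may reach a different verdict.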