Configuring X-Header Encryption

Step 1

Configure the X-header insertion as described in Configuring X-Header Insertion.

Step 2

Create or configure a rulebase, and the encryption certificate to use and the re-encryption parameter as described in Configuring X-Header Encryption.

Step 3

Configure the encryption certificate to use as described in Configuring Encryption Certificate.

Configuring X-Header Encryption

To configure X-header encryption, use the following configuration:

configure  
   active-charging service ecs_service_name 
      rulebase rulebase_name 
         xheader-encryption certificate-name certificate_name 
         xheader-encryption re-encryption period re-encryption_period 
         end 
[/reference/refbody/section/p {"p"}) NOTES: (p]
  • This configuration enables X-header encryption for all subscribers using the specified rulebase.

  • If the certificate is removed, ECS continues using the copy that it has. The copy is set free once the certificate name is removed from the rulebase.

  • Changes to x-header format configuration won't trigger re-encryption for existing calls. The changed configuration will however, be applicable for new calls. The changed configuration will also apply at the next reencryption time to those existing calls for which reencryption timeout is specified. If encryption is enabled for a parameter while data is flowing, since its encrypted value won't be available, insertion of that parameter stops.

Configuring Encryption Certificate

To configure the encryption certificate, use the following configuration:

configure  
   certificate name certificate_name pem { { data pem_certificate_data private-key pem [ encrypted ] data pem_pvt_key } | { url url private-key pem { [ encrypted ] data pem_pvt_key | url url } } 
   end