The purpose of this document is to provide a summary of how to configuration SSL for ch-smpp servers and clients. The internal implementation uses Java Secure Sockets Extension (JSSE).
// Configure the server as you normally would:
SmppServerConfiguration configuration = new SmppServerConfiguration();
configuration.setPort(2776);
...
// Then create a SSL configuration:
SslConfiguration sslConfig = new SslConfiguration();
sslConfig.setKeyStorePath("path/to/keystore");
sslConfig.setKeyStorePassword("changeit");
sslConfig.setKeyManagerPassword("changeit");
sslConfig.setTrustStorePath("path/to/keystore");
sslConfig.setTrustStorePassword("changeit");
...
// And add it to the server configuration:
configuration.setUseSsl(true);
configuration.setSslConfiguration(sslConfig);
sslConfig.setNeedClientAuth(true);
// Configure the server as you normally would:
SmppSessionConfiguration configuration = new SmppSessionConfiguration();
configuration.setType(SmppBindType.TRANSCEIVER);
configuration.setHost("127.0.0.1");
configuration.setPort(2776);
...
// Then create a SSL configuration:
SslConfiguration sslConfig = new SslConfiguration();
// Which trusts all certs by default. You can turn this off with
// sslConfig.setTrustAll(false);
...
// And add it to the server configuration:
configuration.setSslConfiguration(sslConfig);
configuration.setUseSsl(true);
sslConfig.setValidateCerts(true);
sslConfig.setValidatePeerCerts(true);
Generating Keys and Certificates with the JDK's keytool
keytool -keystore keystore -alias smpp -genkey -keyalg RSA
Generating Keys and Certificates with OpenSSL
openssl genrsa -des3 -out smpp.key
openssl req -new -x509 -key smpp.key -out smpp.crt
Generating a CSR from keytool
keytool -certreq -alias smpp -keystore keystore -file smpp.csr
Generating a CSR from OpenSSL
openssl req -new -key smpp.key -out smpp.csr
Loading Certificates with keytool
The following command loads a PEM encoded certificate in the smpp.crt file into a JSSE keystore:
keytool -keystore keystore -import -alias smpp -file smpp.crt -trustcacerts
Loading Keys and Certificates via PKCS12
If you have a key and certificate in separate files, you need to combine them into a PKCS12 format file to load into a new keystore. The certificate can be one you generated yourself or one returned from a CA in response to your CSR.
The following OpenSSL command combines the keys in smpp.key and the certificate in the smpp.crt file into the smpp.pkcs12 file.
openssl pkcs12 -inkey smpp.key -in smpp.crt -export -out smpp.pkcs12
keytool -importkeystore -srckeystore smpp.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
This library has been tested with stunnel4 wrapping both client and servers. There is a sample stunnel.conf in src/test/resources that works with make server and make ssl-client. The SSL implementation should be compatible with other TLS/SSL encryption wrappers, assuming the JDK you are using supports the same cryptographic algorithms as the encryption wrapper.