Client-side SSL/TLS connections

Introduction

On the Alaris platform, the steps to configure an SMPP over TLS connection on the vendor side differ from those on the client side.

In this article, we will explain what is required for the client to establish an SMPP or HTTPS session with the System Owner.

SMPP over TLS and HTTPS / HTTPS-callback default ports

By default, a client can establish an SMPP over TLS or HTTPS session using your secure port.

The default ports are listed below:

  • 2876 - SMPP over TLS

  • 8002 - HTTPS

  • 8004 - HTTPS-callback

This set of ports may differ, however. To find out the exact set, contact Alaris support.

Do we need a valid certificate installed on the switch to establish a secure session?

Yes, you need a valid certificate and private key, which must be installed on the System Owner's switch. There are two ways to generate and install them:

  • We can install our free Let's Encrypt certificate, with auto-update configured, for a set of domains that point to the System Owner's VIP (Virtual IP). If there are several sites (for example FRA and DE), we can install this certificate on both. To do this, contact Alaris support and provide a list of the domains for which you need a certificate generated.
    Important: the domains must resolve to a VIP address of the System Owner.

  • The System Owner can provide their own certificate and private key to Alaris support. The domain name must resolve to the VIP address of the desired system (if there are various sites, for example FRA and DE).

After this, the client will be able to establish a secure session with the System Owner using the secure port.

SMPP over SSL troubleshooting

If all the necessary certificates are installed on the System Owner's switch but a secure session is still not established, capture .pcap traces in Start/Administration/Trace analyzer.

Most often, you will see the following situations:

  • If insecure traffic is sent to a host that expects a secure connection, RST packets will be received (as shown in the figure below).

[Figure: RST packets during SMPP installation over TLS]

  • If secure traffic is sent to a host that does not expect a secure connection, RST packets will be received as well. Secure traffic can be identified by TLS protocol packets (see figure below).

[Figure: RST packets sent during TLS setup]

How to resolve the issue.

  • For the client connection:

    • If a secure connection is not required, contact your client and ask them to send insecure traffic to the Alaris non-TLS/SSL port (2875 by default).

    • If a secure connection is required, contact your client and ask them to send secure traffic to the Alaris TLS/SSL port (2876 by default). A valid SSL certificate should be installed.

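The two mismatch cases above can be checked mechanically from the first client payload in a captured stream. The following is an added example, not Alaris code: it classifies that payload as a TLS ClientHello or a plaintext SMPP bind PDU and compares it with the default ports from this article. The function names and sample payloads are constructed for illustration, and it assumes the payload bytes have already been extracted from the .pcap.

```python
import struct

# Default ports named in this article; a given installation may use others.
EXPECTED = {2875: "smpp-plain", 2876: "tls"}
# SMPP v3.4 command_id values: bind_receiver, bind_transmitter, bind_transceiver
SMPP_BIND_IDS = {0x00000001, 0x00000002, 0x00000009}

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server payload of a TCP stream."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake message type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # SMPP PDU header: four big-endian u32 fields
    # (command_length, command_id, command_status, sequence_number).
    if len(payload) >= 16:
        length, cmd_id, status, _seq = struct.unpack(">IIII", payload[:16])
        if 16 <= length <= 65536 and cmd_id in SMPP_BIND_IDS and status == 0:
            return "smpp-plain"
    return "unknown"

def diagnose(dst_port: int, payload: bytes) -> str:
    """Compare what the client sent with what the destination port expects."""
    seen, expected = classify_first_bytes(payload), EXPECTED.get(dst_port)
    if expected is None:
        return f"port {dst_port} is not a default SMPP port; client sent {seen}"
    if seen == expected:
        return "ok"
    if seen == "unknown":
        return f"unrecognised first payload on port {dst_port}"
    return f"mismatch: client sent {seen} to port {dst_port}, which expects {expected}"

# Constructed sample payloads (not from a real capture; only the headers matter).
_body = b"client1\x00secret\x00\x00\x34\x00\x00\x00"
SAMPLE_BIND = struct.pack(">IIII", 16 + len(_body), 0x00000009, 0, 1) + _body
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100310100002d0303") + bytes(43)

if __name__ == "__main__":
    for port, data in [(2876, SAMPLE_BIND), (2875, SAMPLE_CLIENT_HELLO),
                       (2876, SAMPLE_CLIENT_HELLO)]:
        print(port, "->", diagnose(port, data))
```

A "mismatch" result corresponds to one of the two RST situations described above and tells you which port the client should be asked to use.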

AKBSMS - Alaris Knowledge Base

Link to this article: https://helpdesk.alarislabs.com/en/knowledge_base/article/236/category/131/