A9.1 Files relating to GAN certificate for testing
3GPP51.010-1Mobile Station (MS) conformance specificationPart 1: Conformance specificationTS
All files associated with the certificates to be used for authentication in IPSec are contained in archive GAN_certificate_V1.zip.
Files to be used both by MS and SS are contained in this archive.
The archive file set consists of the following:
– |
Ca.key |
|
– |
Ca.crt |
|
– |
Segw.key |
|
– |
Segw.csr |
|
– |
Segw.crt |
|
– |
_Command.txt |
The commands performed to generate the above files |
– |
_Openssl.txt |
Input file containing information required to generate above certificates (renamed from openssl.cnf) |
– |
_Exectution.txt |
Activity log generated whilst above files are generated (also contains details of information prompted for during command execution) |
A9.1.1 Overview and usage of certificate files
In a regular network (non-test) environment, a public certification authority (CA) would be used to generate a SEGW certificate (ca.crt) using the CA’s private key and the network operator’s information. For testing we are using our own test CA and have made available the test CA self-signed root certificate (self signing ca.crt).
Of the above files, the MS will need to store the test CA root certificate (ca.crt).
The SS will use the private key (segw.key) and certificate (segw.crt) for mutual authentication relating to the provisioning SEGW.
The SS vendor will use the test CA private key (ca.key) and test CA root certificate (ca.crt) to generate further certificates relating to the default and serving SEGWs.
A9.1.2 Privacy of private keys and usage of certificate
Since the private key relating to the root certificate is published here, there is no privacy, and thus no relationship of trust associated with this root certificate (ca.crt). It is of the utmost importance that the MS will only utilise this certificate for test purposes. For further details refer to TS 44.014.
Annex 10 (informative):
Repeated SACCH Layer 1 Test Method: