A9.1 Files relating to GAN certificate for testing

3GPP51.010-1Mobile Station (MS) conformance specificationPart 1: Conformance specificationTS

All files associated with the certificates to be used for authentication in IPSec are contained in archive GAN_certificate_V1.zip.

Files to be used both by MS and SS are contained in this archive.

The archive file set consists of the following:

Ca.key

Ca.crt

Segw.key

Segw.csr

Segw.crt

_Command.txt

The commands performed to generate the above files

_Openssl.txt

Input file containing information required to generate above certificates (renamed from openssl.cnf)

_Exectution.txt

Activity log generated whilst above files are generated (also contains details of information prompted for during command execution)

A9.1.1 Overview and usage of certificate files

In a regular network (non-test) environment, a public certification authority (CA) would be used to generate a SEGW certificate (ca.crt) using the CA’s private key and the network operator’s information. For testing we are using our own test CA and have made available the test CA self-signed root certificate (self signing ca.crt).

Of the above files, the MS will need to store the test CA root certificate (ca.crt).

The SS will use the private key (segw.key) and certificate (segw.crt) for mutual authentication relating to the provisioning SEGW.

The SS vendor will use the test CA private key (ca.key) and test CA root certificate (ca.crt) to generate further certificates relating to the default and serving SEGWs.

A9.1.2 Privacy of private keys and usage of certificate

Since the private key relating to the root certificate is published here, there is no privacy, and thus no relationship of trust associated with this root certificate (ca.crt). It is of the utmost importance that the MS will only utilise this certificate for test purposes. For further details refer to TS 44.014.

Annex 10 (informative):
Repeated SACCH Layer 1 Test Method: