Article Original Creation Date: 2010-11-08
Overview
This article lists frequently asked questions (FAQs) about using HTTPS instead of HTTP for TR-069 communication between the ACS (Auto-Configuration Server) and the device.
Environment
Information
Question 1:
Does ServiceGateway 4x currently support HTTPS?
HTTP over SSL/TLS (Secure Socket Layer / Transport Layer Security) communication between the ACS (Tomcat) and devices is currently supported and is transparent to the ACS itself.
It is worth noting that implementing SSL/TLS on the Tomcat server will place significantly higher CPU demands on the server. An alternative option is to have the encrypted sessions terminate at either a router or load balancer closer to the edge of the network.
Question 2:
Is it possible to have Philips modems communicating over HTTP, and Sagem modems over HTTPS?
Both HTTP and HTTPS can be supported simultaneously on the ACS (Tomcat), but they must be configured on different ports (connectors), which results in two distinct ACS URLs. The Philips and Sagem devices would, therefore, need to have different ACS URLs, per the example given.
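The two-connector setup described in this answer, shown as an added illustration that is not taken from the ServiceGateway product or its documentation: a Tomcat server.xml fragment using the connector attribute syntax of Tomcat 6/7 (an assumption, since the article does not state the Tomcat version). The ports, host name, ACS path, keystore path and password are placeholders.

```xml
<!-- Added example, not from the original article. Assumes Tomcat 6/7-style
     connector attributes; ports, keystore path and password are placeholders. -->
<Service name="Catalina">

  <!-- Plain HTTP connector: used by devices provisioned with
       http://acs.example.com:8080/<acs-path> (here, the Philips modems).
       Everything on this port, including TR-069 credentials, is cleartext. -->
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" />

  <!-- HTTPS connector: used by devices provisioned with
       https://acs.example.com:8443/<acs-path> (here, the Sagem modems).
       TLS is terminated by Tomcat, so the ACS web application is unchanged. -->
  <Connector port="8443" protocol="HTTP/1.1"
             SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" clientAuth="false"
             keystoreFile="conf/acs-keystore.jks"
             keystorePass="CHANGE_ME" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```

Each device family is then provisioned with the ACS URL that matches its connector's scheme and port.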
Question 3:
What kind of debugging tools are available to decrypt the communication between ACS and device if there is a requirement to perform low-level troubleshooting?
For low-level troubleshooting, the ACS logs contain unencrypted session information, so they remain a viable option. It is also possible to decrypt SSL traffic from the Tomcat server using a network protocol analyzer, such as Wireshark, configured with the private key.
Question 4:
Does ServiceGateway support encrypting password fields in the communication?
Encrypting password fields in the communication would seem unnecessary if the session is already encrypted. In an unencrypted session, there is currently no known means to do this, and there is no native support in ServiceGateway.