d/changelog: add 2.6.6~sysmocom2

[SMF] Fix fixed-0 IPCP identifier in PCO ack
Related: SYS#6582 Related: https://github.com/open5gs/open5gs/pull/2920
2024-01-26 16:54:16 +01:00 · 2024-01-26 16:51:58 +01:00 · 2023-10-31 14:32:14 +01:00 · 2023-10-31 14:32:14 +01:00 · 2023-10-31 13:26:34 +01:00 · 2023-10-31 13:26:34 +01:00
7177 changed files with 762343 additions and 137652 deletions
--- a/.github/ISSUE_TEMPLATE/bugreport.yaml
+++ b/.github/ISSUE_TEMPLATE/bugreport.yaml
@ -0,0 +1,58 @@
+name: Bug Report
+description: File a bug report or issue
+title: "[Bug]: "
+labels: ['triage']
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: > 
+        **Please note**
+        
+        This form should only be used if _you can reporoduce_ the bug the in the *current* release of
+        Open5GS Stack. For installation, configuration or other help with Open5GS please
+        use our [discussion forum](https://github.com/open5gs/open5gs/discussions).
+        
+        **This form is not for support requests.**
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      description: Please check if your issue has been resolved in the latest release.
+      placeholder: v2.6.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: >
+        Please describe in detail the steps needed to reproduce this bug. These steps
+        should reproduce the issue on the most current release of Open5GS. Be sure to
+        include configuration and platform details.
+        Please include logs from the relevant daemons as well as any relevant packet captures.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Provide any relevant captured logs for the issue
+      render: shell
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: What did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Observed Behaviour
+      description: What's the observed behaviour?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: eNodeB/gNodeB
+      description: If using an eNB or gNB, please identify which vendor/version
+  - type: input
+    attributes:
+      label: UE Models and versions
+      description: Which UE hardware model and version or simulator version are you using?
--- a/.github/ISSUE_TEMPLATE/config.yaml
+++ b/.github/ISSUE_TEMPLATE/config.yaml
@ -0,0 +1,9 @@
+blank_issues_enabled: false
+contact_links:
+        - name: Open5GS Contribution Guide
+          url: https://github.com/open5gs/open5gs/wiki/Contribution-guide
+          about: Contribution guide detailing how you can help the project
+        - name: Project Sponsorship
+          url: https://github.com/sponsors/acetcom
+          name: Support the Open5GS developer using GitHub sponsorship
+
--- a/.github/ISSUE_TEMPLATE/feature_request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yaml
@ -0,0 +1,48 @@
+name: Feature request
+description: Propose an enhancement to Open5GS
+labels: ['Enhancement', 'triage']
+body:
+  - type: markdown
+    attributes:
+      value: >
+        ## Feature request
+        Please submit your feature request using the form. If your proposal is not sufficiently
+        well formed, we may request further clarification and expansion. If you're unsure about
+        how to formulate your request, please start a [discussion instead](https://github.com/open5gs/open5gs/dicsussions/).
+
+  - type: input
+    attributes:
+      label: Open5GS Release, Revision, or Tag
+      placeholder: v2.6.0
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Components and subsystems
+      description: Which subsystems and components would this feature be relevant to?
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Proposed functionality
+      description: >
+        Provide a detailed description of the feature or behaviour you are proposing. Please include any
+        Please include any relevant 3GPP standards and references and include any specific changes to
+        current protocols, processing pipelines, DIAMETER requests/responses, and interfaces. The more detail
+        you provide, the greater the chance your proposal has of being discussed.
+
+        If your feature request does not include anything actionable or sufficient details, you may be asked
+        to provide further clarification or your request may be rejected.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: External dependencies
+      description: >
+        Please detail any new dependencies or implementations that this feature might introduce. e.g. Does the 
+        proposal require the installation of additional packages? Are there further external nodes which may be
+        required for integration testing? (Not all feature requests will introduce new dependencies)
+
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@ -0,0 +1,34 @@
+name: CIFuzz
+on: [pull_request]
+permissions: {}
+jobs:
+ Fuzzing:
+   runs-on: ubuntu-latest
+   permissions:
+     security-events: write
+   steps:
+   - name: Build Fuzzers
+     id: build
+     uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+     with:
+       oss-fuzz-project-name: 'open5gs'
+   - name: Run Fuzzers
+     uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+     with:
+       oss-fuzz-project-name: 'open5gs'
+       fuzz-seconds: 300
+       output-sarif: true
+   - name: Upload Crash
+     uses: actions/upload-artifact@v3
+     if: failure() && steps.build.outcome == 'success'
+     with:
+       name: artifacts
+       path: ./out/artifacts
+   - name: Upload Sarif
+     if: always() && steps.build.outcome == 'success'
+     uses: github/codeql-action/upload-sarif@v2
+     with:
+      # Path to SARIF file relative to the root of the repository
+      sarif_file: cifuzz-sarif/results.sarif
+      checkout_path: cifuzz-sarif
+      category: CIFuzz
--- a/.github/workflows/meson-ci.yml
+++ b/.github/workflows/meson-ci.yml
@ -39,7 +39,7 @@ jobs:
    - name: Check out repository code
      uses: actions/checkout@main
    - name: Setup Meson Build
-      run: PATH="/usr/local/opt/bison/bin:$PATH" meson setup build
+      run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build
      env:
        CC: gcc
    - name : Build Open5GS
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,45 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '30 22 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        debug-only: false
+        operations-per-run: 500
+        enable-statistics: true
+        remove-stale-when-updated: true
+        exempt-issue-labels: 'status:accepted,status:blocked,status:more-info-needed,status:milestone-required,Help Wanted'
+        exempt-all-milestones: true
+        stale-issue-label: 'Housekeeping:ToClose'
+        
+        days-before-stale: 60
+        stale-issue-message: >
+          This issue has been marked as stale because there has been no recent activity on it. If there is
+          no further activity, it will be closed. The Open5GS team is a small but dedicated team with limited 
+          resources and may not be able to address every issue directly. **Do not** attempt to circumvent this 
+          by 'bumping' the issue; doing so will result in it's immediate closure and possibly your exclusion 
+          from participating in any future discussions.      
+        stale-pr-message: >
+          As there has been no recent activity on this PR, it has been marked as stale. It will be automatically
+          closed if no further action is taken.
+        
+        
+        days-before-close: 30
+        days-before-pr-close: -1
+        close-issue-message: >
+          This issue has been closed automatically due to lack of activity. This has been done to try
+          and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to
+          re-open this issue if necessary.
+        close-pr-message: >
+          This PR has been closed due to an absence of activity.
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
+install/
+
 # This directory is fetched during first build and is present in this directory
 subprojects/freeDiameter
 subprojects/libtins
--- a/README.md
+++ b/README.md
@ -1,88 +1,18 @@
-<h1 align="center">Open5GS</h1>
+<p align="center"><a href="https://open5gs.org" target="_blank" rel="noopener noreferrer"><img width="100" src="https://open5gs.org/assets/img/open5gs-logo-only.png" alt="Open5GS logo"></a></p>
+
+## Getting Started
+
+Please follow the [documentation](https://open5gs.org/open5gs/docs/) at [open5gs.org](https://open5gs.org/)!
+
+## Sponsors

 If you find Open5GS useful for work, please consider supporting this Open Source project by [Becoming a sponsor](https://github.com/sponsors/acetcom). To manage the funding transactions transparently, you can donate through [OpenCollective](https://opencollective.com/open5gs).

-<h3 align="center">Platinum Sponsors</h3>
-<table align="center">
-  <tbody>
-    <tr>
-      <td align="center" valign="middle">
-  <a href="https://teletresearch.com/" target="_blank">
-    <img width="400px" src="https://open5gs.org/assets/img/Telet-logo-v2.png">
+<p align="center">
+  <a target="_blank" href="https://open5gs.org/#sponsors">
+      <img alt="sponsors" src="https://open5gs.org/assets/img/sponsors.svg">
  </a>
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-<h3 align="center">Gold Sponsors</h3>
-<table align="center">
-  <tbody>
-    <tr>
-      <td align="center" valign="middle">
-  <a href="http://wavemobile.com/" target="_blank">
-    <img width="222px" src="https://open5gs.org/assets/img/Wavemobile-Logo-Mark-RGB.png">
-  </a>
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-<h3 align="center">Silver Sponsors</h3>
-<table align="center">
-  <tbody>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://nextepc.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/nextepc_logo.jpg">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.wearetriple.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/triple_logo.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://sdr.eee.strath.ac.uk/" target="_blank">
-          <img src="https://open5gs.org/assets/img/strath.png">
-        </a>
-      </td>
-    </tr>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://skylarkwireless.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/SkylarkWireless-420x78-Web2-R.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://sysmocom.de/" target="_blank">
-          <img src="https://open5gs.org/assets/img/sysmocom-logo-only.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.p1sec.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/2021-logo-P1.svg">
-        </a>
-      </td>
-    </tr>
-    <tr>
-      <td align="center" valign="middle" width="222px">
-        <a href="https://www.ng-voice.com/" target="_blank">
-          <img src="https://open5gs.org/assets/img/ng-voice-logo_color.png">
-        </a>
-      </td>
-      <td align="center" valign="middle" width="222px">
-        <a href="http://www.bristol.ac.uk/engineering/research/smart/" target="_blank">
-          <img src="https://open5gs.org/assets/img/smart-internet-lab.png">
-        </a>
-      </td>
-    </tr>
-  </tbody>
-</table>
-
-## Documentation
-
-If you don't understand something about Open5GS, the [https://open5gs.org/open5gs/docs/](https://open5gs.org/open5gs/docs/) is a great place to look for answers.
+</p>

 ## Community

@ -97,4 +27,4 @@ If you're contributing through a pull request to Open5GS project on GitHub, plea
 ## License

 - Open5GS Open Source files are made available under the terms of the GNU Affero General Public License ([GNU AGPL v3.0](https://www.gnu.org/licenses/agpl-3.0.html)).
- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NextEPC, Inc.](https://nextepc.com)
+- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NeoPlane](https://neoplane.io/)
--- a/configs/310014.yaml.in
+++ b/configs/310014.yaml.in
@ -2,6 +2,18 @@ db_uri: mongodb://localhost/open5gs

 logger:

+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
 #    no_scp: true
@ -19,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true

 mme:
    freeDiameter:
@ -27,14 +40,14 @@ mme:
      listen_on: 127.0.0.2
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: hss.localdomain
          addr: 127.0.0.8
@ -94,14 +107,14 @@ smf:
      listen_on: 127.0.0.4
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: pcrf.localdomain
          addr: 127.0.0.9
@ -150,6 +163,9 @@ upf:
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090

 hss:
    freeDiameter:
@ -158,14 +174,14 @@ hss:
      listen_on: 127.0.0.8
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: mme.localdomain
          addr: 127.0.0.2
@ -176,14 +192,14 @@ pcrf:
      listen_on: 127.0.0.9
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: smf.localdomain
          addr: 127.0.0.4
@ -214,13 +230,16 @@ pcf:
    sbi:
      - addr: 127.0.0.13
        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090

 nssf:
    sbi:
      - addr: 127.0.0.14
        port: 7777
    nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
        port: 7777
        s_nssai:
          sst: 1
@ -234,3 +253,9 @@ udr:
    sbi:
      - addr: 127.0.0.20
        port: 7777
+
+time:
+  t3412:
+    value: 540     # 9 mintues * 60 = 540 seconds
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds
--- a/configs/csfb.yaml.in
+++ b/configs/csfb.yaml.in
@ -2,6 +2,18 @@ db_uri: mongodb://localhost/open5gs

 logger:

+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
 #    no_scp: true
@ -19,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true

 mme:
    freeDiameter:
@ -27,14 +40,14 @@ mme:
      listen_on: 127.0.0.2
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: hss.localdomain
          addr: 127.0.0.8
@ -128,14 +141,14 @@ smf:
      listen_on: 127.0.0.4
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: pcrf.localdomain
          addr: 127.0.0.9
@ -184,6 +197,9 @@ upf:
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090

 hss:
    freeDiameter:
@ -192,14 +208,14 @@ hss:
      listen_on: 127.0.0.8
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: mme.localdomain
          addr: 127.0.0.2
@ -210,14 +226,14 @@ pcrf:
      listen_on: 127.0.0.9
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: smf.localdomain
          addr: 127.0.0.4
@ -243,13 +259,16 @@ pcf:
    sbi:
      - addr: 127.0.0.13
        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090

 nssf:
    sbi:
      - addr: 127.0.0.14
        port: 7777
    nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
        port: 7777
        s_nssai:
          sst: 1
@ -263,3 +282,9 @@ udr:
    sbi:
      - addr: 127.0.0.20
        port: 7777
+
+time:
+  t3412:
+    value: 540     # 9 mintues * 60 = 540 seconds
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds
--- a/configs/freeDiameter/cacert.pem
+++ b/configs/freeDiameter/cacert.pem
@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIICrDCCAhWgAwIBAgIUX3u0zTLhQTa3lsR92/GelxTGQacwDQYJKoZIhvcNAQEL
-BQAwaDEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
-VQQIDAVTZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAM
-BgNVBAsMBVRlc3RzMB4XDTIwMDgyMjAwMzkxNloXDTMwMDgyMDAwMzkxNlowaDEX
-MBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYDVQQIDAVT
-ZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsM
-BVRlc3RzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuPWKllQ1+hM/wQE08
-xjDBiSx9GQOCEF5dkLK126u4joIhNFig6wfn/Ui0nq88ApUlEREUXB3D33ZEsAkt
-cbwz1UHX2THOeTYX8XdDbkwkbxNOOH902duiQ2UUbf8ve1hsV7+Dr7ue2Fmz4gsR
-lHBv1EsIyPZJQlb4qxET+2++2QIDAQABo1MwUTAdBgNVHQ4EFgQUZPvI16MgF9yo
-OqpLK4XNvT5TSwkwHwYDVR0jBBgwFoAUZPvI16MgF9yoOqpLK4XNvT5TSwkwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAwGvKdevLJNDuSXsFpIkTE
-ZRsNnKrprNgbZC4/HkrzpvR1aDQgcSqF12DzSUmoTqzESuMtKvkaLv2IqYko9g4p
-iKVu2jBDKrJq4q63Cy71fxwbtXLrqGaWgbXkepzqyJYjn4Nf/ya0shK7l2rIIDyL
-crvs5/rXN6enLFUQ3n955w==
-----END CERTIFICATE-----
--- a/configs/freeDiameter/hss.cert.pem
+++ b/configs/freeDiameter/hss.cert.pem
@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=hss.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:e8:b3:82:96:bd:4a:f6:30:2c:03:60:aa:82:65:
-                    b0:15:32:5f:d3:90:0d:c0:1d:06:62:52:51:c7:12:
-                    36:d7:5c:34:21:ac:4a:44:4d:9b:a5:22:9c:3e:86:
-                    a8:ba:df:02:64:b6:74:f5:95:c4:71:e8:e0:28:1d:
-                    2b:ea:06:94:fa:3c:f1:07:d3:23:55:b6:84:d4:00:
-                    f4:28:08:18:be:c7:38:e1:b7:d9:b4:bf:d3:e1:d3:
-                    d8:13:60:72:e1:e4:d3:31:37:b1:cf:b9:e1:c9:8d:
-                    5e:e2:1c:54:a3:90:b1:69:6f:07:90:ff:68:86:69:
-                    7d:ef:50:69:0d:9d:47:18:39
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                74:20:F9:E9:BD:E1:37:8A:9C:A9:AD:B4:B2:28:7D:44:22:0B:BD:0B
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         ac:aa:85:5a:57:61:6d:7d:f3:c4:2a:b7:73:3f:e9:bc:b9:6d:
-         0a:8f:35:24:13:66:46:14:5e:60:90:3e:32:95:72:5a:21:55:
-         15:fe:ef:30:44:fb:fe:3e:cb:bf:f3:30:ce:3b:bb:4f:c1:64:
-         41:ea:db:99:f2:ca:db:78:03:95:81:91:3c:fa:1d:9c:8a:55:
-         eb:9d:6a:c1:b6:de:44:38:0f:99:b4:66:d5:4e:dd:e7:d5:ba:
-         ff:f2:4b:f6:9a:94:53:55:36:4e:73:2d:da:d1:bb:0f:8f:fb:
-         1a:22:43:28:6a:b4:5d:a3:40:2c:cf:7e:0d:3e:fb:60:ef:92:
-         f3:0e
-----BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9oc3MubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AOizgpa9SvYwLANgqoJlsBUyX9OQDcAdBmJSUccSNtdcNCGsSkRNm6UinD6GqLrf
-AmS2dPWVxHHo4CgdK+oGlPo88QfTI1W2hNQA9CgIGL7HOOG32bS/0+HT2BNgcuHk
-0zE3sc+54cmNXuIcVKOQsWlvB5D/aIZpfe9QaQ2dRxg5AgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBR0IPnpveE3ipyprbSyKH1EIgu9CzAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCsqoVaV2FtffPE
-KrdzP+m8uW0KjzUkE2ZGFF5gkD4ylXJaIVUV/u8wRPv+Psu/8zDOO7tPwWRB6tuZ
-8srbeAOVgZE8+h2cilXrnWrBtt5EOA+ZtGbVTt3n1br/8kv2mpRTVTZOcy3a0bsP
-j/saIkMoarRdo0Asz34NPvtg75LzDg==
-----END CERTIFICATE-----
--- a/configs/freeDiameter/hss.conf.in
+++ b/configs/freeDiameter/hss.conf.in
@ -106,7 +106,7 @@ ListenOn = "127.0.0.8";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/hss.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/hss.crt", "@sysconfdir@/open5gs/tls/hss.key";

 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";

 # Certificate Revocation List file
 # The information about revoked certificates.
--- a/configs/freeDiameter/hss.key.pem
+++ b/configs/freeDiameter/hss.key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDos4KWvUr2MCwDYKqCZbAVMl/TkA3AHQZiUlHHEjbXXDQhrEpE
-TZulIpw+hqi63wJktnT1lcRx6OAoHSvqBpT6PPEH0yNVtoTUAPQoCBi+xzjht9m0
-v9Ph09gTYHLh5NMxN7HPueHJjV7iHFSjkLFpbweQ/2iGaX3vUGkNnUcYOQIDAQAB
-AoGAdxNkv74dnd0IqLHOjut6L16XqqsMXkJ8AdQeBMBNT+bexlxjpJASFW6ghV5i
-+T0k/GRhdUouPBvumJhU4Gx9zpVYUMzAxZDgWQfoknQ11fs6bi1aH8Fn9NhC3UeB
-ZaSmkAyeTMpJMzVAiVLND3iN/83OcijqSq2MZ4kkdsQngAECQQD/AOBiwlh6AVtZ
-bJMbVSVPLdtQRtGuP29gaC64vROE60qfxUcW7H2rHdMq4AWrlaZ3hXxSLU+TuCDt
-Z7khtHexAkEA6ZxSJfw1SO0qqu/uHBcQTOzoTKPi28fRt2ilEIOhIzuHbJPpjFEp
-snhGfX+XgD4EtXH1ebdmh+rGZ8yRPcjTCQJBAJ170xfq4m1mzR2q+ibVLNd7gIhR
-VEmCj6xAaypYSue50DpfwYmcv/ef0bwW4imXoFkMLT0rEowuGNfFSQZRx+ECQETG
-TrD8JTvJBsy4QiNm7teWz3TwsrL9itIyLpZECkZzGhVvHky/AEWYfzgnPhT1LTG1
-0Qz6X2cYSTz5zrCf1PECQQCPZIkkOUsgq6kGDK5MTzAoTjPxzIDgLX/YdMelwHUA
-pK+nv/gxO9Pjd+wcU4GmaD0KXdLtu+dsKT3bx/7RzGjj
-----END RSA PRIVATE KEY-----
--- a/configs/freeDiameter/meson.build
+++ b/configs/freeDiameter/meson.build
@ -34,24 +34,3 @@ foreach file : freediameter_conf
    meson.add_install_script(python3_exe, '-c',
            install_conf.format(gen, freediameter_sysconfdir))
 endforeach
-
-freediameter_pem = '''
-    cacert.pem
-    mme.cert.pem
-    mme.key.pem
-    hss.cert.pem
-    hss.key.pem
-    smf.cert.pem
-    smf.key.pem
-    pcrf.cert.pem
-    pcrf.key.pem
-'''.split()
-
-foreach file : freediameter_pem
-    gen = configure_file(
-            input : file,
-            output : file,
-            configuration : conf_data)
-    meson.add_install_script(python3_exe, '-c',
-            install_conf.format(gen, freediameter_sysconfdir))
-endforeach
--- a/configs/freeDiameter/mme.cert.pem
+++ b/configs/freeDiameter/mme.cert.pem
@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=mme.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:9c:69:25:fc:ee:7f:11:e0:81:f7:b5:51:8f:01:
-                    b8:9e:01:74:03:3e:a5:25:de:6f:28:66:05:6f:7b:
-                    ab:86:0f:09:fc:94:7b:e8:aa:9f:0b:5f:32:27:46:
-                    f0:ca:e2:12:f3:5d:03:80:e9:9a:1d:f0:20:d6:5c:
-                    1b:4b:65:d4:66:e3:b7:63:19:6e:b1:e8:db:6c:24:
-                    df:24:2c:50:f2:1c:8a:33:c1:f7:27:b8:3c:6e:c6:
-                    90:98:ac:43:67:00:6b:3d:ab:39:49:3d:d5:74:77:
-                    6a:0e:38:4e:41:cd:e4:15:63:27:76:b5:9c:75:f8:
-                    cb:6f:cc:5e:f3:a7:68:ef:a5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                92:69:1E:3F:9F:E2:40:2F:81:24:05:B4:13:AA:8A:65:5C:7C:71:1D
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         74:fc:32:ee:e6:2b:a5:f5:a4:71:64:49:ff:eb:6f:01:30:32:
-         b7:61:62:97:e1:2c:0f:50:62:a8:71:9a:bd:8b:d8:0d:4b:28:
-         ea:b4:5f:1c:30:3e:4c:23:2f:c5:5b:77:ed:48:c2:bb:b7:0c:
-         d9:50:4d:7f:7f:a3:b9:1e:2c:19:33:1e:41:94:e1:14:1b:45:
-         e8:ae:27:aa:5e:78:8e:67:67:19:69:48:e3:e4:c0:c3:a7:85:
-         fd:fd:d6:62:6e:dd:1f:31:2f:bc:9a:d2:fa:82:eb:4b:3e:35:
-         e0:90:db:ed:de:1a:68:33:6f:e6:90:9f:08:64:60:46:91:09:
-         74:15
-----BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9tbWUubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AJxpJfzufxHggfe1UY8BuJ4BdAM+pSXebyhmBW97q4YPCfyUe+iqnwtfMidG8Mri
-EvNdA4Dpmh3wINZcG0tl1Gbjt2MZbrHo22wk3yQsUPIcijPB9ye4PG7GkJisQ2cA
-az2rOUk91XR3ag44TkHN5BVjJ3a1nHX4y2/MXvOnaO+lAgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBSSaR4/n+JAL4EkBbQTqoplXHxxHTAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQB0/DLu5iul9aRx
-ZEn/628BMDK3YWKX4SwPUGKocZq9i9gNSyjqtF8cMD5MIy/FW3ftSMK7twzZUE1/
-f6O5HiwZMx5BlOEUG0XorieqXniOZ2cZaUjj5MDDp4X9/dZibt0fMS+8mtL6gutL
-PjXgkNvt3hpoM2/mkJ8IZGBGkQl0FQ==
-----END CERTIFICATE-----
--- a/configs/freeDiameter/mme.conf.in
+++ b/configs/freeDiameter/mme.conf.in
@ -106,7 +106,7 @@ ListenOn = "127.0.0.2";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/mme.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/mme.crt", "@sysconfdir@/open5gs/tls/mme.key";

 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";

 # Certificate Revocation List file
 # The information about revoked certificates.
--- a/configs/freeDiameter/mme.key.pem
+++ b/configs/freeDiameter/mme.key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCcaSX87n8R4IH3tVGPAbieAXQDPqUl3m8oZgVve6uGDwn8lHvo
-qp8LXzInRvDK4hLzXQOA6Zod8CDWXBtLZdRm47djGW6x6NtsJN8kLFDyHIozwfcn
-uDxuxpCYrENnAGs9qzlJPdV0d2oOOE5BzeQVYyd2tZx1+MtvzF7zp2jvpQIDAQAB
-AoGARr3D4a7Yp/Q7tBY86gokPsp3dxQ5S3RcIBBseuybOknJAYUCucuZnWIT4/HQ
-7GHtokY6VG7TNqEpqOoFqkdHFgDZQlJPG+N2B63JEGxAL0RedHsTbnYQ8MFqrixb
-U59yDfwudrlEYAQNML51pEp7D06Add+CPubcFLO8Tnh/z20CQQDQCWRPP0ZdfYk1
-NZFS82fWxWE0jhxEu8nFXCh4uawlSOyyl8RFKyvwFhs+u8DAS+ntSA5nBIkglLW5
-aM+WbJerAkEAwHi5BIojXNmqjrfDDDaD3jM5/Ug2SOuReVz/7JDoPC/w9rob37RM
-pz0bWrtOVCud+mD0WeOjsxfsb6ixpjMF7wJBAI9zmnbG0/eNo/pL6NzBOP4w9rlt
-sPJ4Z0avKL0ukxTWt1jjLBTiExcntzvH7b7r2e+ju0KwLvqHcNPcASDh2qcCQBQ4
-Wo+ch4yInX9y1L3iuEXOsefm/zT38oeCeqx6qLsx+imhca41vdvP8qC8jsUO9ADK
-0MDkxlzZRZCRc2BXeecCQQCl+Ac9n+gtpIUFNmwvgtOnnjDAEDhGgi4lR45frT75
-t57D+YTERbn2pygttzhZ6imWMEUnSQJQSGpDAUnVsIUg
-----END RSA PRIVATE KEY-----
--- a/configs/freeDiameter/pcrf.cert.pem
+++ b/configs/freeDiameter/pcrf.cert.pem
@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=pcrf.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:b9:1f:b3:a5:74:de:31:97:ac:fa:86:1d:65:86:
-                    c7:be:b1:25:07:01:f3:69:21:7a:6d:ec:d7:c8:ec:
-                    e2:c9:e8:71:a1:07:ce:0e:68:e5:0f:a9:ec:f3:5e:
-                    5e:3e:a4:ea:27:f3:fa:65:36:2d:7c:ce:a8:70:cc:
-                    34:db:51:b2:28:7b:03:bf:78:06:61:7c:44:81:17:
-                    88:f9:c9:16:cb:2e:9f:21:4a:24:28:0a:0f:76:ef:
-                    63:0f:05:a4:ee:52:64:1f:4f:0b:ec:4e:6c:1b:12:
-                    40:43:75:ed:62:16:ec:6a:ba:15:dd:c4:b9:fa:a9:
-                    de:2c:80:f5:84:c5:97:ec:7b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                CD:C4:C9:C1:7F:D9:34:1F:DB:08:61:27:FC:59:A2:C2:CC:19:9A:7B
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         24:3a:da:a7:50:b3:42:ab:e9:87:21:b2:d9:2b:a1:44:0b:5f:
-         bd:ad:c9:8b:b1:ca:d5:2e:65:46:55:80:11:00:33:03:f9:04:
-         b1:31:a2:c9:d2:41:e0:ec:73:bc:9a:3c:31:06:cc:d0:2d:73:
-         1f:b4:93:1c:b0:99:dd:14:27:64:39:7e:c5:ab:53:48:c5:25:
-         e8:88:fd:4e:b8:dd:64:88:b5:b4:89:8b:15:97:8b:e7:c9:fb:
-         23:6c:ed:60:9b:2f:f0:99:7a:75:6c:8e:ea:09:c6:ba:ff:e9:
-         81:3f:97:96:8b:00:58:5b:88:13:e8:8a:39:4c:f6:c9:06:d3:
-         24:66
-----BEGIN CERTIFICATE-----
-MIICszCCAhygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBaMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRkwFwYD
-VQQDDBBwY3JmLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84OaOUPqezzXl4+
-pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQoCg9272MPBaTu
-UmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQABo3sweTAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUzcTJwX/ZNB/bCGEn/FmiwswZmnswHwYDVR0jBBgwFoAU
-ZPvI16MgF9yoOqpLK4XNvT5TSwkwDQYJKoZIhvcNAQELBQADgYEAJDrap1CzQqvp
-hyGy2SuhRAtfva3Ji7HK1S5lRlWAEQAzA/kEsTGiydJB4OxzvJo8MQbM0C1zH7ST
-HLCZ3RQnZDl+xatTSMUl6Ij9TrjdZIi1tImLFZeL58n7I2ztYJsv8Jl6dWyO6gnG
-uv/pgT+XlosAWFuIE+iKOUz2yQbTJGY=
-----END CERTIFICATE-----
--- a/configs/freeDiameter/pcrf.conf.in
+++ b/configs/freeDiameter/pcrf.conf.in
@ -106,7 +106,7 @@ ListenOn = "127.0.0.9";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter/pcrf.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/pcrf.crt", "@sysconfdir@/open5gs/tls/pcrf.key";

 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";

 # Certificate Revocation List file
 # The information about revoked certificates.
--- a/configs/freeDiameter/pcrf.key.pem
+++ b/configs/freeDiameter/pcrf.key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWgIBAAKBgQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84O
-aOUPqezzXl4+pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQo
-Cg9272MPBaTuUmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQAB
-An8UP2NmtWGYCv7gZ8rPT+6I7Ncf7RayaPb7DuyLDV3At6u18SSYbuCe1fcUpz2n
-nGH//K9mYoaXIANMUwl083qIwxT0VbarpTCgiHT8afdISe6Bm8B8Xs0ITEikRHiG
-vmI/oCbCA1DkXZlf4jpQbGdet2DyxnJTXv+W9vDkqHOhAkEA74Y+MQgf3eaz/on9
-2I5S0kvFJxBYjkAcbkzHmytA5cT45KoCIF+6oPAnBoDkLq3fUotOgWzX2pnWHzMu
-+VLtrwJBAMXbhpxQflZ/4eqDYbD49ggVO8VJzl3Ch1B7ZvKW/b+6plRwsdHx0RFk
-xbwz02GuJbwf6UjVW1VyaQF6fgkdzPUCQQCYhK+nQxgfkV69zxpvwbilJhBFHph1
-BAfWiFd1y+YIKROfb03pVWuePS1sa7hgrOCOTBxSN39/OAPrXAkmQ5MLAkBbNSZp
-eoWy1ELNe4EWNr4b3cXu3WYfPKRqCmjbnZUdxCoWtNiUAlgxH3YzmuRvm/rTLRa6
-N3hh/FrBjrj49N7dAkA5SaCw2WFulgLRPA6QwfObrQEYkHgtF2++r9jhane5nfq3
-/kcrlFnfDfT7ITc32Hmvgj7wJud7w8ANukPXG7DU
-----END RSA PRIVATE KEY-----
--- a/configs/freeDiameter/smf.cert.pem
+++ b/configs/freeDiameter/smf.cert.pem
@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests
-        Validity
-            Not Before: Aug 22 00:39:17 2020 GMT
-            Not After : Aug 20 00:39:17 2030 GMT
-        Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=smf.localdomain
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
-                Modulus:
-                    00:ad:d6:cb:88:33:51:23:72:f1:16:29:2a:df:b7:
-                    75:d7:38:9e:da:18:b6:27:73:a8:60:ec:04:8f:d0:
-                    cd:c6:2e:10:ff:bd:c3:c2:a3:d7:53:e7:9e:73:07:
-                    07:a9:59:16:b1:7f:92:79:4d:d8:ee:5a:c7:ed:ef:
-                    37:83:8a:7d:94:08:41:0b:34:68:27:a5:4b:7d:cb:
-                    29:fb:85:c0:21:6e:17:72:32:29:7a:28:be:94:31:
-                    56:d2:85:9f:4b:b1:33:6f:f9:eb:01:9c:e7:2f:68:
-                    94:6b:91:58:a7:80:04:94:3c:b3:19:96:91:31:f7:
-                    c4:81:98:2b:85:8f:5c:f0:fd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                91:4B:EF:65:02:0D:C8:85:FA:4A:3F:29:C0:10:3C:1B:AE:E4:AD:A4
-            X509v3 Authority Key Identifier: 
-                keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09
-
-    Signature Algorithm: sha256WithRSAEncryption
-         a3:6e:4f:00:bd:1a:62:b9:86:0f:35:f6:18:8d:15:61:a2:bc:
-         05:07:f1:73:8d:70:6f:e1:34:f1:ae:87:26:87:13:0b:c8:d8:
-         29:16:70:02:12:73:36:f9:de:43:26:12:7d:9f:d2:20:7c:e2:
-         76:47:0b:14:ba:67:e5:5a:0d:22:3b:00:c8:35:ab:dd:b1:9a:
-         e5:75:b0:86:89:02:15:32:b3:e9:48:c3:e0:38:e1:56:4c:fd:
-         aa:12:96:00:6d:a6:c3:ab:b0:8c:4b:ab:b2:4c:c2:08:26:ab:
-         d6:3f:26:95:4a:da:b8:dd:9a:f8:fe:b9:c2:e3:7a:a3:2f:2c:
-         7f:df
-----BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s
-b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH
-DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw
-ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD
-VQQDDA9zbWYubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AK3Wy4gzUSNy8RYpKt+3ddc4ntoYtidzqGDsBI/QzcYuEP+9w8Kj11PnnnMHB6lZ
-FrF/knlN2O5ax+3vN4OKfZQIQQs0aCelS33LKfuFwCFuF3IyKXoovpQxVtKFn0ux
-M2/56wGc5y9olGuRWKeABJQ8sxmWkTH3xIGYK4WPXPD9AgMBAAGjezB5MAkGA1Ud
-EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
-YXRlMB0GA1UdDgQWBBSRS+9lAg3IhfpKPynAEDwbruStpDAfBgNVHSMEGDAWgBRk
-+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCjbk8AvRpiuYYP
-NfYYjRVhorwFB/FzjXBv4TTxrocmhxMLyNgpFnACEnM2+d5DJhJ9n9IgfOJ2RwsU
-umflWg0iOwDINavdsZrldbCGiQIVMrPpSMPgOOFWTP2qEpYAbabDq7CMS6uyTMII
-JqvWPyaVStq43Zr4/rnC43qjLyx/3w==
-----END CERTIFICATE-----
--- a/configs/freeDiameter/smf.conf.in
+++ b/configs/freeDiameter/smf.conf.in
@ -106,7 +106,7 @@ ListenOn = "127.0.0.4";
 # Default : NO DEFAULT
 #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
 #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/smf.key.pem";
+TLS_Cred = "@sysconfdir@/open5gs/tls/smf.crt", "@sysconfdir@/open5gs/tls/smf.key";

 # Certificate authority / trust anchors
 # The file containing the list of trusted Certificate Authorities (PEM list)
@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/
 # The directive can appear several times to specify several files.
 # Default : GNUTLS default behavior
 #TLS_CA = "<file.PEM>";
-TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem";
+TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt";

 # Certificate Revocation List file
 # The information about revoked certificates.
--- a/configs/freeDiameter/smf.key.pem
+++ b/configs/freeDiameter/smf.key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCt1suIM1EjcvEWKSrft3XXOJ7aGLYnc6hg7ASP0M3GLhD/vcPC
-o9dT555zBwepWRaxf5J5TdjuWsft7zeDin2UCEELNGgnpUt9yyn7hcAhbhdyMil6
-KL6UMVbShZ9LsTNv+esBnOcvaJRrkVingASUPLMZlpEx98SBmCuFj1zw/QIDAQAB
-AoGAV1x1hmn7oav22mMv56PD9be/pOz8RZFLEgIqPLf7YVfvNQaBpYQ/ByyEJVxo
-DkP2Mpdg3dMwbIB0ru8j39guSO0evsCG95u5L3lUMLFh/+WTt4W0g4+9y0qD1dUy
-y7kk+gKLlbPvyRNr+CiEnpz/rxdWC3J+tVBsWJGNjBGtZWECQQDdn5q7FUrF6HHQ
-O5iJYCbeL+Xn4Ajwrr4M9OeGhMz4pTTtE45jjGi2ykFa9TJFMqjLuClBXw5FkIOe
-S4unTO7JAkEAyM268Z558xHHnRl6uEN1NrqqpdXtZYnK9lm4/kZRs2mKm/98fjf0
-GiHwiKqONP7si4ARE2Ws1wKmXmCe0nNGlQJBAMw8KFCd95FYe4IlWZXHySnaxCki
-WbrLnhK8opxhx66gOJz996sfmuRQkVfsPE5uuAU9Cq/WlIVg/xoijmk3yZkCQEFu
-YCsZM62TrpKvWcCvIoOZ4b817Sw38S3C4LfiW/71NhhM8NkEDINzabhusvXr11JB
-gc7rQ52wHFwGadoze90CQF9qOBatpIFlEDkhzKofRILCWIzSrfhFdcCZqe6K8G10
-ngbk3Xg3I0I+qWViDivOm689SC9xniF7wJ1XH0BRBKE=
-----END RSA PRIVATE KEY-----
--- a/configs/logrotate/open5gs.in
+++ b/configs/logrotate/open5gs.in
@ -7,7 +7,7 @@
    create 640 open5gs open5gs

    postrotate
-        for i in nrfd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do
+        for i in nrfd scpd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do
            systemctl reload open5gs-$i
        done
    endscript
--- a/configs/meson.build
+++ b/configs/meson.build
@ -22,10 +22,13 @@ conf_data.set('sysconfdir', sysconfdir)
 conf_data.set('libdir', libdir)
 conf_data.set('localstatedir', localstatedir)

-freediameter_extensions_builddir = join_paths(
-        meson.build_root(), 'subprojects', 'freeDiameter', 'extensions')
-conf_data.set('freediameter_extensions_builddir',
-        freediameter_extensions_builddir)
+build_configs_dir = join_paths(open5gs_build_dir, 'configs')
+conf_data.set('build_configs_dir', build_configs_dir)
+
+build_subprojects_freeDiameter_extensions_dir = join_paths(
+        open5gs_build_dir, 'subprojects', 'freeDiameter', 'extensions')
+conf_data.set('build_subprojects_freeDiameter_extensions_dir',
+        build_subprojects_freeDiameter_extensions_dir)

 example_conf = '''
    sample.yaml
@ -34,7 +37,7 @@ example_conf = '''
    volte.yaml
    vonr.yaml
    slice.yaml
-    srslte.yaml
+    srsenb.yaml
    non3gpp.yaml
 '''.split()

--- a/configs/newsyslog/open5gs.conf.in
+++ b/configs/newsyslog/open5gs.conf.in
@ -2,6 +2,7 @@
 #
 # logfilename                         [owner:group] mode count size  when  flags [/pid_file]        [sig_num]
@localstatedir@/log/open5gs/nrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-nrfd/pid`
+@localstatedir@/log/open5gs/scp.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-scpd/pid`
@localstatedir@/log/open5gs/pcrf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-pcrfd/pid`
@localstatedir@/log/open5gs/hss.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-hssd/pid`
@localstatedir@/log/open5gs/ausf.log               644  14    *     $D0   GZ    @localstatedir@/run/open5gs-ausfd/pid`
--- a/configs/non3gpp.yaml.in
+++ b/configs/non3gpp.yaml.in
@ -2,6 +2,18 @@ db_uri: mongodb://localhost/open5gs

 logger:

+sbi:
+    server:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testserver.key
+      cert: @build_configs_dir@/open5gs/tls/testserver.crt
+    client:
+      no_tls: true
+      cacert: @build_configs_dir@/open5gs/tls/ca.crt
+      key: @build_configs_dir@/open5gs/tls/testclient.key
+      cert: @build_configs_dir@/open5gs/tls/testclient.crt
+
 parameter:
 #    no_nrf: true
 #    no_scp: true
@ -19,6 +31,7 @@ parameter:
 #    no_sgwu: true
 #    no_pcrf: true
 #    no_hss: true
+#    use_mongodb_change_stream: true

 mme:
    freeDiameter:
@ -27,14 +40,14 @@ mme:
      listen_on: 127.0.0.2
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: hss.localdomain
          addr: 127.0.0.8
@ -94,14 +107,14 @@ smf:
      listen_on: 127.0.0.4
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: pcrf.localdomain
          addr: 127.0.0.9
@ -152,6 +165,9 @@ upf:
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090

 hss:
    freeDiameter:
@ -160,14 +176,14 @@ hss:
      listen_on: 127.0.0.8
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: mme.localdomain
          addr: 127.0.0.2
@ -180,14 +196,14 @@ pcrf:
      listen_on: 127.0.0.9
      no_fwd: true
      load_extension:
-        - module: @freediameter_extensions_builddir@/dbg_msg_dumps.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
          conf: 0x8888
-        - module: @freediameter_extensions_builddir@/dict_rfc5777.fdx
-        - module: @freediameter_extensions_builddir@/dict_mip6i.fdx
-        - module: @freediameter_extensions_builddir@/dict_nasreq.fdx
-        - module: @freediameter_extensions_builddir@/dict_nas_mipv6.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca.fdx
-        - module: @freediameter_extensions_builddir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
+        - module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
      connect:
        - identity: smf.localdomain
          addr: 127.0.0.4
@ -213,13 +229,16 @@ pcf:
    sbi:
      - addr: 127.0.0.13
        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090

 nssf:
    sbi:
      - addr: 127.0.0.14
        port: 7777
    nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
        port: 7777
        s_nssai:
          sst: 1
@ -232,3 +251,9 @@ udr:
    sbi:
      - addr: 127.0.0.20
        port: 7777
+
+time:
+  t3412:
+    value: 540     # 9 mintues * 60 = 540 seconds
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds
--- a/configs/open5gs/amf.yaml.in
+++ b/configs/open5gs/amf.yaml.in
@ -1,34 +1,91 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,ngap,nas,gmm,sbi,amf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/amf.log
+
 #
-# amf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/amf.key
+      cert: @sysconfdir@/open5gs/tls/amf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -36,37 +93,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
-#      - tls:
-#          key: amf.key
-#          pem: amf.pem
 #
-#  o SBI Server(https://127.0.0.5:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.5:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
-#        tls:
-#          key: amf.key
-#          pem: amf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://amf.open5gs.org:80)
+#  o SBI Server(https://amf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  amf:
 #    sbi:
 #      - name: amf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.5:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-amf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -77,6 +164,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      addr: 127.0.0.5
 #      option:
@ -88,9 +179,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  amf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  amf:
 #    service_name:
 #      - namf-comm
 #
@ -98,12 +191,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
 #    sbi:
 #      - addr: 127.0.0.5
 #        port: 7777
@ -118,26 +220,62 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  amf:
+#    sbi:
+#      - addr: 127.0.0.5
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 #  <NGAP Server>>
 #
 #  o NGAP Server(all address available)
+#  amf:
 #    ngap:
 #
 #  o NGAP Server(0.0.0.0:38412)
+#  amf:
 #    ngap:
 #      addr: 0.0.0.0
 #
 #  o NGAP Server(127.0.0.5:38412, [::1]:38412)
+#  amf:
 #    ngap:
 #      - addr: 127.0.0.5
 #      - addr: ::1
 #
 #  o NGAP Server(different port)
+#  amf:
 #    ngap:
 #      - addr: 127.0.0.5
 #        port: 38413
 #
 #  o NGAP Server(address available in `eth0` interface)
+#  amf:
 #    ngap:
 #      dev: eth0
 #
@ -145,6 +283,7 @@ logger:
 #    - sctp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  amf:
 #    ngap:
 #      addr: 127.0.0.5
 #      option:
@ -164,6 +303,7 @@ logger:
 #    - sinit_max_attempts : 4
 #    - sinit_max_init_timeo : 8000(8secs)
 #
+#  amf:
 #    ngap:
 #      addr: 127.0.0.5
 #      option:
@ -178,9 +318,18 @@ logger:
 #          sinit_max_attempts : 4
 #          sinit_max_init_timeo : 8000
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  amf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
 #  <GUAMI>
 #
 #  o Multiple GUAMI
+#  amf:
 #    guami:
 #      - plmn_id:
 #          mcc: 999
@ -199,37 +348,62 @@ logger:
 #  <TAI>
 #
 #  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from gNB.
+#
+#  For example, if the gNB sends TAC with 30 to the AMF,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the gNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  amf:
 #    tai:
 #      - plmn_id:
 #          mcc: 001
 #          mnc: 01
-#        tac: [1, 2, 3]
+#        tac: [1, 3, 5]
 #    tai:
 #      - plmn_id:
 #          mcc: 002
 #          mnc: 02
-#        tac: 4
+#        tac: [6-10, 15-18]
+#    tai:
 #      - plmn_id:
 #          mcc: 003
 #          mnc: 03
-#        tac: 5
-#    tai:
+#        tac: 20
 #      - plmn_id:
 #          mcc: 004
 #          mnc: 04
-#        tac: [6, 7]
+#        tac: 21
+#    tai:
 #      - plmn_id:
 #          mcc: 005
 #          mnc: 05
-#        tac: 8
+#        tac: [22, 28]
 #      - plmn_id:
 #          mcc: 006
 #          mnc: 06
-#        tac: [9, 10]
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
 #
 #  <PLMN Support>
 #
 #  o Multiple PLMN Support
+#  amf:
 #    plmn_support:
 #      - plmn_id:
 #          mcc: 999
@ -243,18 +417,56 @@ logger:
 #        s_nssai:
 #          - sst: 1
 #
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the AMF rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the AMF accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  amf:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
+#
+#
 #  <Network Name>
 #
+#  amf:
 #    network_name:
 #        full: Open5GS
 #        short: Next
 #
 #  <AMF Name>
 #
+#  amf:
 #    amf_name: amf1.open5gs.amf.5gc.mnc70.mcc999.3gppnetwork.org
 #
 #  <Relative Capacity> - Default(255)
 #
+#  amf:
 #    relative_capacity: 100
 #
 amf:
@ -263,6 +475,9 @@ amf:
        port: 7777
    ngap:
      - addr: 127.0.0.5
+    metrics:
+      - addr: 127.0.0.5
+        port: 9090
    guami:
      - plmn_id:
          mcc: 999
@ -289,21 +504,107 @@ amf:
    amf_name: open5gs-amf0

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -318,6 +619,10 @@ amf:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -326,33 +631,35 @@ amf:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:
@ -363,45 +670,45 @@ max:
 #
 usrsctp:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
 #  o Handover Wait Duration (Default : 300 ms)
 #    Time to wait for AMF to send UEContextReleaseCommand
 #    to the source gNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
+#
+#  o Timers of 5GS mobility/session management
+#  time:
+#    t3502:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3512:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#
 time:
-
-#
-# metrics:
-#
-#  <Metrics Server>
-#
-#  o Metrics Server(http://<any address>:9090)
-#    metrics:
-#      addr: 0.0.0.0
-#      port: 9090
-#
-metrics:
-    addr: 127.0.0.5
-    port: 9090
+  t3512:
+    value: 540     # 9 mintues * 60 = 540 seconds
--- a/configs/open5gs/ausf.yaml.in
+++ b/configs/open5gs/ausf.yaml.in
@ -1,34 +1,91 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
 #    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/ausf.log
+
 #
-# ausf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/ausf.key
+      cert: @sysconfdir@/open5gs/tls/ausf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -36,37 +93,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
-#      - tls:
-#          key: ausf.key
-#          pem: ausf.pem
 #
-#  o SBI Server(https://127.0.0.11:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.11:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
-#        tls:
-#          key: ausf.key
-#          pem: ausf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://ausf.open5gs.org:80)
+#  o SBI Server(https://ausf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/ausf.key
+#      cert: /etc/open5gs/tls/ausf.crt
+#  ausf:
 #    sbi:
 #      - name: ausf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.11:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-ausf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -77,6 +164,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      addr: 127.0.0.11
 #      option:
@ -88,9 +179,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  ausf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  ausf:
 #    service_name:
 #      - nausf-auth
 #
@ -98,12 +191,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
 #    sbi:
 #      - addr: 127.0.0.11
 #        port: 7777
@ -118,27 +220,144 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  ausf:
+#    sbi:
+#      - addr: 127.0.0.11
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 ausf:
    sbi:
      - addr: 127.0.0.11
        port: 7777

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -153,6 +372,10 @@ ausf:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -161,54 +384,58 @@ ausf:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/bsf.yaml.in
+++ b/configs/open5gs/bsf.yaml.in
@ -1,36 +1,91 @@
-db_uri: mongodb://localhost/open5gs
-
-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,bsf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/bsf.log
+
 #
-# bsf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/bsf.key
+      cert: @sysconfdir@/open5gs/tls/bsf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -38,37 +93,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - tls:
-#          key: bsf.key
-#          pem: bsf.pem
 #
-#  o SBI Server(https://127.0.0.15:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
-#        tls:
-#          key: bsf.key
-#          pem: bsf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://bsf.open5gs.org:80)
+#  o SBI Server(https://bsf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
 #      - name: bsf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.15:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-bsf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -79,6 +164,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      addr: 127.0.0.15
 #      option:
@ -90,9 +179,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  bsf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  bsf:
 #    service_name:
 #      - nbsf-management
 #
@ -100,12 +191,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: 127.0.0.15
 #        port: 7777
@ -120,27 +220,144 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 bsf:
    sbi:
      - addr: 127.0.0.15
        port: 7777

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -155,6 +372,10 @@ bsf:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -163,54 +384,58 @@ bsf:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/hnet/curve25519-1.key
+++ b/configs/open5gs/hnet/curve25519-1.key
@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIBDJxn6GGlYloduPaEEjiW2bNQYZnT3xlo4HtshEi7FH
+-----END PRIVATE KEY-----
--- a/configs/open5gs/hnet/curve25519-3.key
+++ b/configs/open5gs/hnet/curve25519-3.key
@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIFAK2WjCQjB8TU7COXwdIKVhKGjPa+SJuyOVObjfW9hM
+-----END PRIVATE KEY-----
--- a/configs/open5gs/hnet/curve25519-5.key
+++ b/configs/open5gs/hnet/curve25519-5.key
@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIHh8rsYF8otbnyb8bcrhD1AAV5C9iBtjTlYJY3k5k0dt
+-----END PRIVATE KEY-----
--- a/configs/open5gs/hnet/meson.build
+++ b/configs/open5gs/hnet/meson.build
@ -0,0 +1,38 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+hnet_sysconfdir = join_paths(open5gs_sysconfdir, 'hnet')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(hnet_sysconfdir))
+
+hnet_security = '''
+  curve25519-1.key
+  secp256r1-2.key
+  curve25519-3.key
+  secp256r1-4.key
+  curve25519-5.key
+  secp256r1-6.key
+'''.split()
+
+foreach file : hnet_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, hnet_sysconfdir))
+endforeach
--- a/configs/open5gs/hnet/secp256r1-2.key
+++ b/configs/open5gs/hnet/secp256r1-2.key
@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHSp+RhHH1bzvv2lxR1zij+U9aUtS8nbl5n1Il+8zd5BoAoGCCqGSM49
+AwEHoUQDQgAEre/NExfRzoVi7CW5G0gAEg4SNtbiZh6kI1qE48hdokS8QqWUz1YS
+9J6PvihX2OSZ+RMixzf8zxu9tuTUJKgKlQ==
+-----END EC PRIVATE KEY-----
--- a/configs/open5gs/hnet/secp256r1-4.key
+++ b/configs/open5gs/hnet/secp256r1-4.key
@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAGZvsOAU0YMHhBK33hRkGMPkA3Xefq5b5hPQD6qnf5goAoGCCqGSM49
+AwEHoUQDQgAEdXfTAGY+0ibQoO9bfmk7+M/l//BiMzO6lNIUEMSj1k3k9SQPygGY
+jAuUHpVM4Uo6cWxuyurEn8pWn1vF3tVhbg==
+-----END EC PRIVATE KEY-----
--- a/configs/open5gs/hnet/secp256r1-6.key
+++ b/configs/open5gs/hnet/secp256r1-6.key
@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIG3VKSXh/3WK0HzCkN1DgeUjF7TSLgAUyMn/WGHsxrZ3oAoGCCqGSM49
+AwEHoUQDQgAENU1ibHe7oWu4m6M8P0XoA78ZNKtdIsJgVU0nCk/c5sC3V+/4GuxU
+owtbASEXQZg4SGvts+1Yqz0p4WwCAAcwpQ==
+-----END EC PRIVATE KEY-----
--- a/configs/open5gs/hss.yaml.in
+++ b/configs/open5gs/hss.yaml.in
@ -1,24 +1,25 @@
 db_uri: mongodb://localhost/open5gs

-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,fd,hss,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/hss.log
@ -26,28 +27,37 @@ logger:
 hss:
    freeDiameter: @sysconfdir@/freeDiameter/hss.conf

+#
+#  hss:
 #    sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
+#

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
+#
+#  o Use MongoDB Change Stream
+#  parameter:
+#    use_mongodb_change_stream: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:
--- a/configs/open5gs/meson.build
+++ b/configs/open5gs/meson.build
@ -46,3 +46,6 @@ foreach file : open5gs_conf
    meson.add_install_script(python3_exe, '-c',
            install_conf.format(gen, open5gs_sysconfdir))
 endforeach
+
+subdir('tls')
+subdir('hnet')
--- a/configs/open5gs/mme.yaml.in
+++ b/configs/open5gs/mme.yaml.in
@ -1,49 +1,53 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,s1ap,nas,fd,gtp,mme,emm,esm,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/mme.log

-#
-# mme:
 #
 #  <S1AP Server>>
 #
 #  o S1AP Server(all address available)
+#  mme:
 #    s1ap:
 #
 #  o S1AP Server(0.0.0.0:36412)
+#  mme:
 #    s1ap:
 #      addr: 0.0.0.0
 #
 #  o S1AP Server(127.0.0.2:36412, [::1]:36412)
+#  mme:
 #    s1ap:
 #      - addr: 127.0.0.2
 #      - addr: ::1
 #
 #  o S1AP Server(different port)
+#  mme:
 #    s1ap:
 #      - addr: 127.0.0.2
 #        port: 36413
 #
 #  o S1AP Server(address available in `eth0` interface)
+#  mme:
 #    s1ap:
 #      dev: eth0
 #
@ -51,6 +55,7 @@ logger:
 #    - sctp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  mme:
 #    s1ap:
 #      addr: 127.0.0.2
 #      option:
@ -70,6 +75,7 @@ logger:
 #    - sinit_max_attempts : 4
 #    - sinit_max_init_timeo : 8000(8secs)
 #
+#  mme:
 #    s1ap:
 #      addr: 127.0.0.2
 #      option:
@ -87,9 +93,11 @@ logger:
 #  <GTP-C Server>>
 #
 #  o GTP-C Server(all address available)
+#  mme:
 #    gtpc:
 #
 #  o GTP-C Server(127.0.0.2:2123, [::1]:2123)
+#  mme:
 #    gtpc:
 #      - addr: 127.0.0.2
 #      - addr: ::1
@ -97,6 +105,7 @@ logger:
 #  <SGsAP>
 #
 #  o Single MSC/VLR(127.0.0.2)
+#  mme:
 #    sgsap:
 #      addr: 127.0.0.2
 #      map:
@ -123,6 +132,7 @@ logger:
 #          lac: 43692
 #
 #  o Multiple MSC/VLR
+#  mme:
 #    sgsap:
 #      - addr: 127.0.0.2
 #        port: 29119
@ -175,10 +185,18 @@ logger:
 #              mnc: 02
 #            lac: 43693
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  mme:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
 #
 #  <GUMMEI>
 #
 #  o Multiple GUMMEI
+#  mme:
 #    gummei:
 #      - plmn_id:
 #          mcc: 001
@ -199,47 +217,105 @@ logger:
 #  <TAI>
 #
 #  o Multiple TAI
+#
+#  When multiple TAIs are configured as shown below,
+#  the Served TAI is determined by comparing UserLocationInformation
+#  of UplinkNASTransport sent from eNB.
+#
+#  For example, if the eNB sends TAC with 30 to the MME,
+#  the fourth TAI (TAC: 20, 28, 29-32, 36-38, 40-42, 50, 60, 70, 70)
+#  is determined as the Served TAI. The result is transmitted to the eNB
+#  as a Tracking Area identity List in Registration Accept.
+#
+#  mme:
 #    tai:
 #      - plmn_id:
 #          mcc: 001
 #          mnc: 01
-#        tac: [1, 2, 3]
+#        tac: [1, 3, 5]
 #    tai:
 #      - plmn_id:
 #          mcc: 002
 #          mnc: 02
-#        tac: 4
+#        tac: [6-10, 15-18]
+#    tai:
 #      - plmn_id:
 #          mcc: 003
 #          mnc: 03
-#        tac: 5
-#    tai:
+#        tac: 20
 #      - plmn_id:
 #          mcc: 004
 #          mnc: 04
-#        tac: [6, 7]
+#        tac: 21
+#    tai:
 #      - plmn_id:
 #          mcc: 005
 #          mnc: 05
-#        tac: 8
+#        tac: [22, 28]
 #      - plmn_id:
 #          mcc: 006
 #          mnc: 06
-#        tac: [9, 10]
+#        tac: [30-32, 34, 36-38, 40-42, 44, 46, 48]
+#      - plmn_id:
+#          mcc: 007
+#          mnc: 07
+#        tac: 50
+#      - plmn_id:
+#          mcc: 008
+#          mnc: 08
+#        tac: 60
+#      - plmn_id:
+#          mcc: 009
+#          mnc: 09
+#        tac: [70, 80]
+#
+#
+#  <Access Control>
+#
+#  If access_control is not specified, then all networks are allowed
+#  If access_control is defined,
+#  no other networks are allowed  other than matching plmn_id.
+#
+#  default_reject_cause may be used to overwrite the default error cause #11
+#  for non matching plmn_id
+#
+#  for matching plmn_id with reject_cause defined,
+#  the MME rejects access with the reject_cause error cause
+#
+#  for matching plmn_id without reject_cause defined,
+#  the MME accepts the PLMN traffic
+#
+#  o The example below only accepts 002/02 and 999/70 PLMNs.
+#    001/01 is rejected with cause 15,
+#    and the rest of the PLMNs are rejected with default cause 13.
+#
+#  mme:
+#    access_control:
+#      - default_reject_cause: 13
+#      - plmn_id:
+#          reject_cause: 15
+#          mcc: 001
+#          mnc: 01
+#      - plmn_id:
+#          mcc: 002
+#          mnc: 02
+#      - plmn_id:
+#          mcc: 999
+#          mnc: 70
 #
 #
 #  <Network Name>
-#
+#  mme:
 #    network_name:
 #        full: Open5GS
 #        short: Next
 #
 #  <MME Name>
-#
+#  mme:
 #    mme_name: open5gs-mme0
 #
 #  <Relative Capacity> - Default(255)
-#
+#  mme:
 #    relative_capacity: 100
 #
 mme:
@ -248,6 +324,9 @@ mme:
      - addr: 127.0.0.2
    gtpc:
      - addr: 127.0.0.2
+    metrics:
+      - addr: 127.0.0.2
+        port: 9090
    gummei:
      plmn_id:
        mcc: 999
@ -266,8 +345,6 @@ mme:
        full: Open5GS
    mme_name: open5gs-mme0

-#
-# sgwc:
 #
 # <GTP-C Client>
 #
@ -275,17 +352,20 @@ mme:
 #
 #  o One SGW is defined.
 #    If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
+#  sgwc:
 #    gtpc:
 #      addr:
 #        - 127.0.0.3
 #        - fd69:f21d:873c:fa::2
 #
 #  o Two SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
 #    gtpc:
 #      - addr: 127.0.0.3
 #      - addr: fd69:f21d:873c:fa::2
 #
 #  o Three SGW are defined. MME selects SGW with round-robin manner per UE
+#  sgwc:
 #    gtpc:
 #      - addr
 #        - 127.0.0.3
@ -297,30 +377,32 @@ mme:
 #
 # <SGW Selection Mode>
 #
-# o Round-Robin
+#  o Round-Robin
+#  sgwc:
+#    gtpc:
+#      addr: 127.0.0.3
+#      addr: 127.0.2.2
+#      addr: 127.0.4.2
 #
-#   gtpc:
-#     addr: 127.0.0.3
-#     addr: 127.0.2.2
-#     addr: 127.0.4.2
-#
-# o SGW selection by eNodeB TAC
+#  o SGW selection by eNodeB TAC
 #   (either single TAC or multiple TACs, DECIMAL representation)
 #
-#   gtpc:
-#     - addr: 127.0.0.3
-#       tac: 26000
-#     - addr: 127.0.2.2
-#       tac: [25000, 27000, 28000]
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        tac: 26000
+#      - addr: 127.0.2.2
+#        tac: [25000, 27000, 28000]
 #
 # o SGW selection by e_cell_id(28bit)
 #   (either single or multiple e_cell_id, HEX representation)
 #
-#   gtpc:
-#     - addr: 127.0.0.3
-#       e_cell_id: abcde01
-#     - addr: 127.0.2.2
-#       e_cell_id: [12345, a9413, 98765]
+#  sgwc:
+#    gtpc:
+#      - addr: 127.0.0.3
+#        e_cell_id: abcde01
+#      - addr: 127.0.2.2
+#        e_cell_id: [12345, a9413, 98765]
 #
 sgwc:
    gtpc:
@ -335,15 +417,18 @@ sgwc:
 #    - To use a different APN for each SMF, specify gtpc.apn as the APN name.
 #    - If the HSS uses WebUI to set the SMF IP for each UE,
 #      you can use a specific SMF node for each UE.
+#    (Default values are used, so no configuration is required)
 #
 #  o Two SMF are defined. 127.0.0.4:2123 is used.
 #    [fd69:f21d:873c:fa::3]:2123 is ignored.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: fd69:f21d:873c:fa::3
 #
 #  o One SMF is defined. if prefer_ipv4 is not true,
 #    [fd69:f21d:873c:fa::3] is selected.
+#  smf:
 #    gtpc:
 #      - addr:
 #        - 127.0.0.4
@ -352,6 +437,7 @@ sgwc:
 #  o Two SMF are defined with a different APN.
 #    - Note that if SMF IP for UE is configured in HSS,
 #      the following configurion for this UE is ignored.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #        apn: internet
@ -359,10 +445,29 @@ sgwc:
 #        apn: volte
 #
 #  o If APN is omitted, the default APN uses the first SMF node.
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: 127.0.0.5
 #        apn: volte
+#
+# o SMF selection by eNodeB TAC
+#   (either single TAC or multiple TACs, DECIMAL representation)
+#
+#   gtpc:
+#     - addr: 127.0.0.4
+#       tac: 26000
+#     - addr: 127.0.2.4
+#       tac: [25000, 27000, 28000]
+#
+# o SMF selection by e_cell_id(28bit)
+#   (either single or multiple e_cell_id, HEX representation)
+#
+#   gtpc:
+#     - addr: 127.0.0.4
+#       e_cell_id: abcde01
+#     - addr: 127.0.2.4
+#       e_cell_id: [12345, a9413, 98765]
 smf:
    gtpc:
      - addr:
@ -370,30 +475,74 @@ smf:
        - ::1

 #
-# parameter:
+# <GTPv1C Client>
+#
+#  o Specify SGSN addresses the GTPv1C must connect to
+#
+#  o One SGSN is defined.
+#    If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
+#  sgsn:
+#    - gtpc:
+#        addr:
+#          - 127.0.0.3
+#          - fd69:f21d:873c:fa::2
+#      routes:
+#      - rai:
+#          lai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            lac: 43690
+#          rac: 187
+#        ci: 1223
+#
+#  o Two SGSNs are defined. Last one is used by default if no
+#    matching RAI+CI route is found.
+#  sgsn:
+#    - gtpc:
+#        addr:
+#          - 127.0.0.3
+#          - fd69:f21d:873c:fa::2
+#      routes:
+#      - rai:
+#          lai:
+#            plmn_id:
+#              mcc: 001
+#              mnc: 01
+#            lac: 43690
+#          rac: 187
+#        ci: 1223
+#    - name: sgsn3.open5gs.org
+#      default_route: true
+#
+sgsn:
+  - gtpc:
+      addr:
+        - 127.0.0.3
+    default_route: true
+
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
-#
-#  o Use OAI UE
-#    - Remove HashMME in Security-mode command message
-#    - Use the length 1 of EPS network feature support in Attach accept message
-#      use_openair: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:
@ -404,34 +553,33 @@ max:
 #
 usrsctp:

-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
 #  o Handover Wait Duration (Default : 300 ms)
 #    Time to wait for MME to send UEContextReleaseCommand
 #    to the source eNB after receiving HandoverNotify
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
+#
+#  o Timers of EPS mobility/session management
+#  time:
+#    t3402:
+#      value: 720  # 12 minutes * 60 = 720 seconds
+#    t3412:
+#      value: 3240 # 54 minutes * 60 = 3240 seconds
+#    t3423:
+#      value: 720  # 12 minutes * 60 = 720 seconds
 time:
-
-#
-# metrics:
-#
-#  <Metrics Server>
-#
-#  o Metrics Server(http://<any address>:9090)
-#    metrics:
-#      addr: 0.0.0.0
-#      port: 9090
-#
-metrics:
-    addr: 127.0.0.2
-    port: 9090
+  t3412:
+    value: 540     # 9 mintues * 60 = 540 seconds
--- a/configs/open5gs/nrf.yaml.in
+++ b/configs/open5gs/nrf.yaml.in
@ -1,35 +1,91 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,nrf,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/nrf.log

 #
-# nrf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nrf.key
+      cert: @sysconfdir@/open5gs/tls/nrf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #
 #  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -37,36 +93,81 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #
-#  o SBI Server(https://127.0.0.10:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://nrf.open5gs.org:80)
+#  o SBI Server(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#      name: nrf.open5gs.org
+#      - name: nrf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
-#      dev: eth0
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-nrf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
 #
 #  o SBI Option (Default)
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -78,76 +179,159 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  nrf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  nrf:
 #    service_name:
 #      - nnrf-nfm
 #      - nnrf-disc
 #
 nrf:
    sbi:
-      addr:
+      - addr:
        - 127.0.0.10
        - ::1
-      port: 7777
+        port: 7777

 #
-# parameter:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

 #
-# time:
 #
 #  o NF Instance Heartbeat (Default : 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (Disabled)
+#  time:
 #    nf_instance:
 #      heartbeat: 0
 #
 #  o NF Instance Heartbeat (5 seconds)
+#  time:
 #    nf_instance:
 #      heartbeat: 5
 #
 #  o NF Instance Validity (Default : 3600 seconds = 1 hour)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Validity (10 seconds)
+#  time:
 #    nf_instance:
 #      validity: 10
 #
 #  o Subscription Validity (Default : 86400 seconds = 1 day)
+#    (Default values are used, so no configuration is required)
 #
 #  o Subscription Validity (Disabled)
+#  time:
 #    subscription:
 #      validity: 0
 #
 #  o Subscription Validity (3600 seconds = 1 hour)
+#  time:
 #    subscription:
 #      validity: 3600
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/nssf.yaml.in
+++ b/configs/open5gs/nssf.yaml.in
@ -1,34 +1,91 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,nssf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/nssf.log
+
 #
-# nssf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/nssf.key
+      cert: @sysconfdir@/open5gs/tls/nssf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -36,37 +93,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
-#      - tls:
-#          key: nssf.key
-#          pem: nssf.pem
 #
-#  o SBI Server(https://127.0.0.14:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.14:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
-#        tls:
-#          key: nssf.key
-#          pem: nssf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://nssf.open5gs.org:80)
+#  o SBI Server(https://nssf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nssf.key
+#      cert: /etc/open5gs/tls/nssf.crt
+#  nssf:
 #    sbi:
 #      - name: nssf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.14:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-nssf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -77,6 +164,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      addr: 127.0.0.14
 #      option:
@ -91,6 +182,7 @@ logger:
 #   - NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
 #     NSSAI[SST:1]
 #
+#  nssf:
 #    nsi:
 #      - addr: ::1
 #        port: 7777
@ -107,6 +199,7 @@ logger:
 #   2. NRF[http://127.0.0.10:7777/nnrf-nfm/v1/nf-instances]
 #      NSSAI[SST:1, SD:009000]
 #
+#  nssf:
 #    nsi:
 #      - addr: ::1
 #        port: 7777
@ -127,6 +220,7 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  nssf:
 #    nsi:
 #      addr: ::1
 #      option:
@ -138,9 +232,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  nssf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  nssf:
 #    service_name:
 #      - nnssf-nsselection
 #
@ -148,12 +244,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
 #    sbi:
 #      - addr: 127.0.0.14
 #        port: 7777
@ -168,32 +273,149 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nssf:
+#    sbi:
+#      - addr: 127.0.0.14
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 nssf:
    sbi:
      - addr: 127.0.0.14
        port: 7777
    nsi:
-      - addr: ::1
+      - addr: 127.0.0.10
        port: 7777
        s_nssai:
          sst: 1

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -204,62 +426,74 @@ nssf:
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
-#  o NF Instance Heartbeat (Disabled)
-#    nf_instance:
-#      heartbeat: 0
-#
-#  o NF Instance Heartbeat (10 seconds)
-#    nf_instance:
-#      heartbeat: 10
-#
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/pcf.yaml.in
+++ b/configs/open5gs/pcf.yaml.in
@ -1,36 +1,93 @@
 db_uri: mongodb://localhost/open5gs

-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,pcf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/pcf.log
+
 #
-# pcf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/pcf.key
+      cert: @sysconfdir@/open5gs/tls/pcf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -38,37 +95,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
-#      - tls:
-#          key: pcf.key
-#          pem: pcf.pem
 #
-#  o SBI Server(https://127.0.0.13:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.13:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
 #      - addr: 127.0.0.13
-#        tls:
-#          key: pcf.key
-#          pem: pcf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://pcf.open5gs.org:80)
+#  o SBI Server(https://pcf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  pcf:
 #    sbi:
 #      - name: pcf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.13:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr: 127.0.0.13
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-pcf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -79,6 +166,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
 #    sbi:
 #      addr: 127.0.0.13
 #      option:
@ -90,9 +181,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  pcf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  pcf:
 #    service_name:
 #      - npcf-am-policy-control
 #      - npcf-smpolicycontrol
@ -127,10 +220,105 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  pcf:
+#    sbi:
+#      - addr: 127.0.0.13
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
+#
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  pcf:
+#    metrics:
+#    - addr: 0.0.0.0
+#      port: 9090
+#
 pcf:
    sbi:
      - addr: 127.0.0.13
        port: 7777
+    metrics:
+      - addr: 127.0.0.13
+        port: 9090
+
+#
+# scp:
+#
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
+#    sbi:
+#      - addr: 127.0.1.10
+#        tls:
+#          key: /etc/open5gs/tls/pcf.key
+#          cert: /etc/open5gs/tls/pcf.crt
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate to verify peer
+#
+#    sbi:
+#      - name: scp.open5gs.org
+#        tls:
+#          cacert: /etc/open5gs/tls/ca.crt
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777

 #
 # nrf:
@ -142,12 +330,24 @@ pcf:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443)
+#  tls:
+#    client:
+#      key: /etc/open5gs/tls/pcf.key
+#      cert: /etc/open5gs/tls/pcf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate to verify server
+#
+#  tls:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -170,54 +370,58 @@ pcf:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/pcrf.yaml.in
+++ b/configs/open5gs/pcrf.yaml.in
@ -1,50 +1,85 @@
 db_uri: mongodb://localhost/open5gs
-
-#
-# logger:
+db_json:
+  default:
+    af:
+      ambr:
+        up: 10000
+        down: 10000
+      gmbr:
+        up: 1000
+        down: 1000
+      qci: 4
+    normal:
+      ambr:
+        up: 10000
+        down: 10000
+      gmbr:
+        up: 10000
+        down: 10000
+      qci: 5
+  charging_profiles:
+    af:
+      - 1
+      - 2
+      - 3
+      - 4
+    normal:
+      - 1
+      - 2
+      - 3
+      - 4
+    dir:
+      normal: "/tmp/profiles"
+      af: "/tmp/profiles_af"
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,fd,pcrf,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
+#
 logger:
    file: @localstatedir@/log/open5gs/pcrf.log

 pcrf:
    freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:
--- a/configs/open5gs/scp.yaml.in
+++ b/configs/open5gs/scp.yaml.in
@ -1,37 +1,93 @@
 db_uri: mongodb://localhost/open5gs

-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,scp,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/scp.log

 #
-# scp:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/scp.key
+      cert: @sysconfdir@/open5gs/tls/scp.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -39,37 +95,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
 #    sbi:
-#      - tls:
-#          key: scp.key
-#          pem: scp.pem
 #
-#  o SBI Server(https://127.0.1.10:443, http://[::1]:80)
+#  o SBI Server(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
 #    sbi:
 #      - addr: 127.0.1.10
-#        tls:
-#          key: scp.key
-#          pem: scp.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://scp.open5gs.org:80)
+#  o SBI Server(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/scp.key
+#      cert: /etc/open5gs/tls/scp.crt
+#  scp:
 #    sbi:
 #      - name: scp.open5gs.org
 #
 #  o SBI Server(http://127.0.1.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - addr: 127.0.1.10
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-scp.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -80,6 +166,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      addr: 127.0.1.10
 #      option:
@ -88,19 +178,59 @@ logger:
 #          l_onoff: true
 #          l_linger: 10
 #
-#  <Next hop SCP>
+#  <SCP Information>
 #
-#  o Next hop SCP Server(https://127.0.1.11:7777)
-#  next_scp:
-#      sbi:
-#        - addr: 127.0.1.11
-#          port: 7777
+#  o SCP port number(s) WITHOUT SCP Domain
+#    - If no SCP port information is present in ScpInfo or
+#      in ScpDomainInfo for a specific SCP domain,
+#      the HTTP client shall use the default HTTP port number,
+#      i.e. TCP port 80 for "http" URIs or TCP port 443
+#      for "https" URIs as specified in IETF RFC 7540 [9]
+#      when sending a request to the SCP within the specific SCP domain.
+#  scp:
+#    info:
+#      port:
+#        http: 7777
+#        https: 8888
+#
+#  o SCP port number(s) WITH SCP Domain
+#    - If this attribute is present,
+#      it has precedence over the scpPorts attribute of ScpInfo.
+#  scp:
+#    info:
+#      domain:
+#        - name: SCP_Domain_1
+#          fqdn: scp.localdomain
+#          port:
+#            http: 7777
+#            https: 8888
+#
+#  o Complex Example
+#  scp:
+#    info:
+#      port:
+#        http: 7777
+#        https: 8888
+#      domain:
+#        - name: SCP_Domain_1
+#          fqdn: scp.hplmndomain
+#          port:
+#            http: 3333
+#            https: 4444
+#        - name: SCP_Domain_2
+#          fqdn: scp.vplmndomain
+#          port:
+#            http: 5555
+#            https: 6666
 #
 #  <For Indirect Communication with Delegated Discovery>
 #
 #  o (Default) If you do not set Delegated Discovery as shown below,
 #
-#  next_scp:
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - addr: 127.0.1.10
 #        port: 7777
@ -108,7 +238,10 @@ logger:
 #    - Use SCP if SCP avaiable. Otherwise NRF is used.
 #      => App fails if both NRF and SCP are unavailable.
 #
-#  next_scp:
+#  sbi:
+#    server:
+#      no_tls: true
+#  scp:
 #    sbi:
 #      - addr: 127.0.1.10
 #        port: 7777
@ -126,22 +259,103 @@ scp:
      - addr: 127.0.1.10
        port: 7777

+#  <Next hop SCP>
 #
-# nrf:
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  next_scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  next_scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -156,6 +370,10 @@ scp:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -171,47 +389,51 @@ nrf:
          - ::1
        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/sgwc.yaml.in
+++ b/configs/open5gs/sgwc.yaml.in
@ -1,32 +1,32 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,sgwc,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/sgwc.log

-#
-# sgwc:
 #
 #  <GTP-C Server>
 #
 #  o GTP-C Server(127.0.0.3:2123, [fd69:f21d:873c:fa::2]:2123)
+#  sgwc:
 #    gtpc:
 #      addr:
 #        - 127.0.0.3
@ -34,6 +34,7 @@ logger:
 #
 #  o On SGW, Same Configuration(127.0.0.3:2123,
 #  [fd69:f21d:873c:fa::2]:2123) as below.
+#  sgwc:
 #    gtpc:
 #      - addr: 127.0.0.3
 #      - addr: fd69:f21d:873c:fa::2
@ -41,6 +42,7 @@ logger:
 #  o GTP-C Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  sgwc:
 #    gtpc:
 #      addr: 127.0.0.3
 #      option:
@ -49,35 +51,43 @@ logger:
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.3:8805, ::1:8805)
+#  sgwc:
 #    pfcp:
 #      - addr: 127.0.0.3
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwc:
 #    pfcp:
 #      name: localhost
 #
 #  o PFCP Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  sgwc:
 #    pfcp:
 #      addr: 127.0.0.3
 #      option:
 #        so_bindtodevice: vrf-blue
 #
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 sgwc:
    gtpc:
      - addr: 127.0.0.3
    pfcp:
      - addr: 127.0.0.3

-#
-# sgwu:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.6:8805)
-#
+#  sgwu:
 #    pfcp:
 #      addr: 127.0.0.6
 #
@ -122,41 +132,46 @@ sgwu:
    pfcp:
      - addr: 127.0.0.6

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 #  o Disable selection of SGW-U PFCP in Round-Robin manner
-#      no_pfcp_rr_select: true
+#  parameter:
+#    no_pfcp_rr_select: true
 #
 parameter:

-#
-# max:
 #
 # o Maximum Number of UE
-#    ue: 1024
+# max:
+#   ue: 1024
+#
 # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
-#    peer: 64
+# max:
+#   peer: 64
+#
 # o Maximum Number of GTP peer nodes per SGWC/SMF
-#    gtp_peer: 64
+# max:
+#   gtp_peer: 64
 #
 max:

-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/sgwu.yaml.in
+++ b/configs/open5gs/sgwu.yaml.in
@ -1,48 +1,57 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,sgwu,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/sgwu.log

-#
-# sgwu:
 #
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.6:8805, ::1:8805)
+#  sgwu:
 #    pfcp:
 #      - addr: 127.0.0.6
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
 #    pfcp:
 #      - name: localhost
 #
 #  o PFCP Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  sgwu:
 #    pfcp:
 #      addr: 127.0.0.6
 #      option:
 #        so_bindtodevice: vrf-blue
 #
+#  o Provide custom PFCP address to be advertised in PFCP association
+#      request/respond
+#  sgwc:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 #  <GTP-U Server>
 #
 #  o GTP-U Server(127.0.0.6:2152, [::1]:2152)
@ -51,10 +60,12 @@ logger:
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  sgwu:
 #    gtpu:
 #      - name: localhost
 #
 #  o User Plane IP Resource information
+#  sgwu:
 #    gtpu:
 #      - addr:
 #        - 127.0.0.6
@ -70,20 +81,24 @@ logger:
 #        source_interface: 1
 #
 #  o Provide custom SGW-U GTP-U address to be advertised inside S1AP messages
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: 172.24.15.30
 #
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise:
 #        - 127.0.0.1
 #        - ::1
 #
+#  sgwu:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
 #
+#  sgwu:
 #    gtpu:
 #      - dev: ens3
 #        advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
@ -91,6 +106,7 @@ logger:
 #  o GTP-U Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  sgwu:
 #    gtpu:
 #      addr: 127.0.0.6
 #      option:
@ -102,48 +118,49 @@ sgwu:
    gtpu:
      - addr: 127.0.0.6

-#
-# sgwc:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.3:8805)
-#
+#  sgwc:
 #    pfcp:
 #      addr: 127.0.0.3
 #
 sgwc:

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

-#
-# max:
 #
 # o Maximum Number of UE
-#    ue: 1024
+# max:
+#   ue: 1024
+#
 # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
-#    peer: 64
+# max:
+#   peer: 64
 #
 max:

 #
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/smf.yaml.in
+++ b/configs/open5gs/smf.yaml.in
@ -1,34 +1,91 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,fd,pfcp,gtp,smf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/smf.log
+
 #
-# smf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/smf.key
+      cert: @sysconfdir@/open5gs/tls/smf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -36,37 +93,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
-#      - tls:
-#          key: smf.key
-#          pem: smf.pem
 #
-#  o SBI Server(https://127.0.0.4:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
-#        tls:
-#          key: smf.key
-#          pem: smf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://smf.open5gs.org:80)
+#  o SBI Server(https://smf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - name: smf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.4:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-smf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -77,6 +164,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      addr: 127.0.0.4
 #      option:
@ -85,12 +176,15 @@ logger:
 #          l_onoff: true
 #          l_linger: 10
 #
+#
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  smf:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  smf:
 #    service_name:
 #      - nsmf-pdusession
 #
@ -98,12 +192,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
 #        port: 7777
@ -118,29 +221,70 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
 #
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.4:8805, ::1:8805)
+#  smf:
 #    pfcp:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    pfcp:
 #      name: localhost
 #
 #  o PFCP Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  smf:
 #    pfcp:
 #      addr: 127.0.0.4
 #      option:
 #        so_bindtodevice: vrf-blue
 #
+#  o Provide custom PFCP address to be advertised to UPF in PFCP association
+#      request/respond
+#  smf:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 #  <GTP-C Server>
 #
 #  o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
+#  smf:
 #    gtpc:
 #      addr:
 #        - 127.0.0.4
@ -148,6 +292,7 @@ logger:
 #
 #  o On SMF, Same configuration
 #    (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: fd69:f21d:873c:fa::3
@ -155,6 +300,7 @@ logger:
 #  o GTP-C Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  smf:
 #    gtpc:
 #      addr: 127.0.0.4
 #      option:
@ -163,29 +309,42 @@ logger:
 #  <GTP-U Server>>
 #
 #  o GTP-U Server(127.0.0.4:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      name: localhost
 #
 #  o GTP-U Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  smf:
 #    gtpu:
 #      addr: 127.0.0.4
 #      option:
 #        so_bindtodevice: vrf-blue
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  smf:
+#    metrics:
+#      - addr: 0.0.0.0
+#        port: 9090
+#
 #  <Subnet for UE Pool>
 #
 #  o IPv4 Pool
+#  smf:
 #    subnet:
 #      addr: 10.45.0.1/16
 #
 #  o IPv4/IPv6 Pool
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #      - addr: 2001:db8:cafe::1/48
@ -194,6 +353,7 @@ logger:
 #  o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
 #    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@ -207,6 +367,7 @@ logger:
 #  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
 #    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@ -215,22 +376,26 @@ logger:
 #      - addr: 10.50.0.1/16 ## FALLBACK SUBNET
 #
 #  o Pool Range Sample
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range: 10.45.0.100-10.45.0.200
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - 10.45.0.5-10.45.0.50
 #          - 10.45.0.100-
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - -10.45.0.200
 #          - 10.45.0.210-10.45.0.220
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        range:
@ -245,6 +410,7 @@ logger:
 #
 #  o Primary/Secondary can be configured. Others are ignored.
 #
+#  smf:
 #    dns:
 #      - 8.8.8.8
 #      - 8.8.4.4
@ -263,6 +429,7 @@ logger:
 #
 #  o Proxy Call Session Control Function
 #
+#  smf:
 #    p-cscf:
 #      - 127.0.0.1
 #      - ::1
@ -276,6 +443,7 @@ logger:
 #            reject subscribers if no OCS available among Diameter peers
 #    o no:   Don't use Gy interface if there is an OCS available
 #
+#  smf:
 #    ctf:
 #      enabled: auto|yes|no
 #
@ -288,6 +456,7 @@ logger:
 #  Note that if there is no SmfInfo, any AMF can select this SMF.
 #
 #  o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@ -295,6 +464,7 @@ logger:
 #              - internet
 #
 #  o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@ -304,6 +474,7 @@ logger:
 #              - ims
 #
 #  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@ -320,6 +491,7 @@ logger:
 #   - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
 #   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
 #
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@ -329,7 +501,7 @@ logger:
 #          - plmn_id:
 #              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 1-9
 #      - s_nssai:
 #          - sst: 2
@ -345,11 +517,12 @@ logger:
 #          - plmn_id:
 #              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 10-20
 #              - 30-40
 #
 #  o Complex Example
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@ -389,13 +562,13 @@ logger:
 #          - plmn_id:
 #              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 100-200
 #              - 300-400
 #          - plmn_id:
 #              mcc: 999
 #              mnc: 70
-#            range:
+#            tac:
 #              - 500-600
 #              - 700-800
 #              - 900-1000
@ -409,7 +582,21 @@ logger:
 #              mnc: 70
 #            tac: 99
 #
-
+#  <Security Indication - 5G Core only>
+#
+#   According to 3GPP TS38.413 Section 9.3.1.27,
+#   Security Indication IE may be instructed to 5G gNB.
+#
+#   If you set the security_indication in smf.yaml,
+#   this information is delivered using PDU Session Resource Request Transfer IE
+#
+#  smf:
+#    security_indication:
+#      integrity_protection_indication: required|preferred|not-needed
+#      confidentiality_protection_indication: required|preferred|not-needed
+#      maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate
+#      maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate
+#
 smf:
    sbi:
      - addr: 127.0.0.4
@ -423,6 +610,9 @@ smf:
    gtpu:
      - addr: 127.0.0.4
      - addr: ::1
+    metrics:
+      - addr: 127.0.0.4
+        port: 9090
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:db8:cafe::1/48
@ -437,21 +627,107 @@ smf:
    freeDiameter: @sysconfdir@/freeDiameter/smf.conf

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
-#  o SBI Client(http://127.0.0.1:7777)
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -466,6 +742,10 @@ smf:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -474,34 +754,27 @@ smf:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# upf:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.7:8805)
-#
+#  upf:
 #    pfcp:
 #      addr: 127.0.0.7
 #
 #  <UPF Selection>
 #
-#  o Round-Robin
-#    (note that round robin can be disabled for a particular node
-#     by setting flag 'rr' to 0)
-#
 #  upf:
 #    pfcp:
 #      - addr: 127.0.0.7
 #      - addr: 127.0.0.12
-#        rr: 0
 #      - addr: 127.0.0.19
 #
 #  o UPF selection by eNodeB TAC
@ -537,56 +810,63 @@ upf:
    pfcp:
      - addr: 127.0.0.7

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 #  o Disable selection of UPF PFCP in Round-Robin manner
-#      no_pfcp_rr_select: true
+#  parameter:
+#    no_pfcp_rr_select: true
 #
 #  o Legacy support for pre-release LTE 11 devices
 #    - Omits adding local address in packet filters for compatibility
-#      no_ipv4v6_local_addr_in_packet_filter: true
+#  parameter:
+#    no_ipv4v6_local_addr_in_packet_filter: true
 #
 parameter:

-#
-# max:
 #
 # o Maximum Number of UE
-#    ue: 1024
+# max:
+#   ue: 1024
+#
 # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
-#    peer: 64
+# max:
+#   peer: 64
+#
 # o Maximum Number of GTP peer nodes per SGWC/SMF
-#    gtp_peer: 64
+# max:
+#   gtp_peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
-#
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
@ -594,22 +874,10 @@ max:
 #    Time to wait for SMF to send
 #    PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
 #    after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
 time:
-
-#
-# metrics:
-#
-#  <Metrics Server>
-#
-#  o Metrics Server(http://<any address>:9090)
-#    metrics:
-#      addr: 0.0.0.0
-#      port: 9090
-#
-metrics:
-    addr: 127.0.0.4
-    port: 9090
--- a/configs/open5gs/tls/amf.crt
+++ b/configs/open5gs/tls/amf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2FtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL5q1eXK8wzvyymrEpxLgdGg8ArHUiGk0BerkwIwOvkJRkqolQx1CVV+
+SZAsnLxrt1+DEb9PTEpqrAXXAWxGtjDCW8FARPFfhziq4B0NPHuTtXusvT+9xF0I
+EY/HFyO/3EYh5vRh5gGZdW5Ukgh4We4Zw/lw0d2BFA2/L5Xz4zOV1P3vSeATyNMq
+4mPWD5xUs0utUzOevmom/+vMO8HGecKv8dpdcM45Gget5pH9OwT0nEAOusW8vYZK
+kCVKNFAvfyCOVzVG82jS8XARrMGzFPfnrkadYrf/sV4OQ7hLc4ZdO83kXubOoCJm
+xrxp7Z8aaXjNEpGW2dZQqU9w57SP9sMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU2olHBnRSjS69sZRJT5rFpHAQDhcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAIEUFoQQ1yuR4apyUddE26Hm
+tnYmXWaTFtL3D98rSj+mwyUOOPD/r7JcsK36XUj8bbMZ4avxMJpYhQGV7x8LG1t1
+3mKlq9JAvLzIREe7zvR8BbOmPu8AVO2Z4uCGrSAa1BsxGgobZ5E2btPHR5RVWiQS
+yYhaIjBuUlPqpa20Pc5cKhZKa8bgfdVs/gsZVwa7T6Xr+hMiSlH0uGIUx85oW4sY
+MidmaMRM1dabSo6nTLcQA0k7h3iC4nZ1MpyMpzt98vZCzVZzWlcJ7AW+py9xKUlN
+48TKTdqHSwt5R9cLnrR7fSVzoPrS9H7KHcemP3poSN/E0PlD+Wou8AFBGBgle8o=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/amf.csr
+++ b/configs/open5gs/tls/amf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYW1mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmrV5crzDO/LKasSnEuB0aDwCsdSIaTQ
+F6uTAjA6+QlGSqiVDHUJVX5JkCycvGu3X4MRv09MSmqsBdcBbEa2MMJbwUBE8V+H
+OKrgHQ08e5O1e6y9P73EXQgRj8cXI7/cRiHm9GHmAZl1blSSCHhZ7hnD+XDR3YEU
+Db8vlfPjM5XU/e9J4BPI0yriY9YPnFSzS61TM56+aib/68w7wcZ5wq/x2l1wzjka
+B63mkf07BPScQA66xby9hkqQJUo0UC9/II5XNUbzaNLxcBGswbMU9+euRp1it/+x
+Xg5DuEtzhl07zeRe5s6gImbGvGntnxppeM0SkZbZ1lCpT3DntI/2wwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGaPpZwtBx66RzpY4jkjHuIjxD4SQop5XbzfNr+l
+HupHV/maWqEwlExTiRqQLUYJ01f4d6y/X8ABU4dyXbaqzWBEBtNg8uIifXLyGcfw
+yzn9zzuE6Vlj2366ssJEP+YFYetrzGYkj4SrXQG7k9ZIM7cTTzD/ZjOAX4VI61LZ
+VXpEOUsjdP9BcxwI6U17NkFePLfLKByp0uTwECFonIyxzlJLSTbk9xtzPtxA7pax
+F/ZrQBEsTdzFQoZca1ZH3UTnmjpcbYJwOpzzlSfrMJs9sv42MZlBuSGzn8xq88xy
+KylL9BUn7ZCOhawIz4FEi335e9aq8xcZXnx40OBMOTFE+xo=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/amf.key
+++ b/configs/open5gs/tls/amf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+atXlyvMM78sp
+qxKcS4HRoPAKx1IhpNAXq5MCMDr5CUZKqJUMdQlVfkmQLJy8a7dfgxG/T0xKaqwF
+1wFsRrYwwlvBQETxX4c4quAdDTx7k7V7rL0/vcRdCBGPxxcjv9xGIeb0YeYBmXVu
+VJIIeFnuGcP5cNHdgRQNvy+V8+MzldT970ngE8jTKuJj1g+cVLNLrVMznr5qJv/r
+zDvBxnnCr/HaXXDOORoHreaR/TsE9JxADrrFvL2GSpAlSjRQL38gjlc1RvNo0vFw
+EazBsxT3565GnWK3/7FeDkO4S3OGXTvN5F7mzqAiZsa8ae2fGml4zRKRltnWUKlP
+cOe0j/bDAgMBAAECggEAU0sRaLTXj4ufH4l9GRAwZ73R8q0QwLXC7u+23Siyyzfi
+3wqSNEJHxHV7AU16fDNUIbwIOdqaoRy7Rcywiyf9TyPdlhGidsEWOdQJN7wP/nB0
+3PYJTIYajKVYZT+t4A3vcWAoEjN2tLFnfE0TGhBnKi9sGcNfkdiCKKc+TgZCls/M
+ltrp3+QVH9UO6AMj74mNjNSN6EQOcsO8BUqNnzTsJ5mkTLfLyfoerWXtZlppXZM
+/0gyYshP+SN4d3Iuj1NUlM3LLTAx/hg08u3ioBURcRBF0wSIkywpgC9SdqAWKWsX
+V6BEIbNwRQk+0V782HTWaZ8H9aCRg6MOk5KO137r1QKBgQDkF5lApIoDAkVb0tFI
+wyRNnoNtv0HitbXGLGKS3KGyPPqCLgdnngeEgEqB8ejqjkMzdOmn0eaSmg/yml5O
+Vkkw1nSmYholzEbEzl7A34f3AOLMx5hegTjiJe3MrBjZN2qoyDJH8xikl+XFyV5J
+sNZe6uRyFozIRrzEPMxgW+R3hQKBgQDVtys66kqUz+5EGwY/n6kIV3ip8zp08KQj
+Q+a/h/2EZWvulKLv+Wcr8bwSqOs/ZSaKKgK6VOUK76CYQcHDIHuJEd6TEOC32wLM
+uhsjX+aVcTuWPHmGZdJxk5JCI1W0NIxdLVJKg5J1nAmsfRmhtk3yG+C+1i7PSQRT
+Y1m/92SzpwKBgQCpM3hUI7rdkImzHCh0OY5spfIJL5/IddNqNvLIzzKD7ghHGa4U
+h348JI8g5jtKBE6FlWzfOS46Al9iMHFU211gBTZzVsLe1zKIPC6+FRPff6C/GDFH
+qcRwvoIxGlk0iY9ttVTXWtYlAylIF6ECOVRNBSKCH4g/6XmOeSuDL6fDoQKBgQCk
+UWouqTdgxaKnwLOENakMXdzLptR6Vw+Mgcen2dJlemmLDcNdiT/3PKzjF/eQTaBd
+OMHSLDXSu72Zc22cLpxtHk0ofCCbnAvCBxGYmEK9AkvTTnoNiLpOUy1wJqTdok2N
+0qvj2NfCD5AsjB8qA/ZYQXECqcFh5P0rdEbsXzWRHwKBgQCM/GGUXWI0LrkcQpDY
+dpO1C161b+zNJHWwM+7cL2kM9azVwW3CNq1YV7c+GRuJG8YyToIYJJfIIUSiAFH0
+97J/JoQ2a/1baMXNaZf06WATtjsFywtG+O8FwZs9rAQ7oDeSe7l5jP5Mw/WjY/Kq
+BKoi+9Nz8JldcTIi1rj/YyuHag==
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/ausf.crt
+++ b/configs/open5gs/tls/ausf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEGF1c2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC4kKPcYH2eCayT80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj6
+8xU1Wqqptxs6hHHyLMdtqw9AlnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUy
+LsEOoqMbdTEhGmriykQS0t7O63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAX
+XALSnIw13fnaQxz2ucmnioTToM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLY
+AXJCdK4e/VzY1DsfkqnWCCbVZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6g
+Idrk9Vh0LWueQI+cNy/IcVQbBOJaPVZXAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFBxp6AfQv4qeBrN5tM2WjNjC23pkMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBBnrBNSkmzMM5TTBrzCmgo
+GktZJy5iM5394OSNKwYdIAxFUotIP7PKwE4GGA9fMauYw+Q5AictubsZEW6Pc4SK
+wtvgDUkCmtOitdMxRGYa7lmVpLxsyCvyMVTH5eKvSWQeMBomOP6WR4Huzj+RGcTc
+dU3BbNByNMnGGoXO0WYoW6nal/cEIaogYtH2JM7v3otDztGN5ixmvkNxmd9ewLEu
+jYkcpqY6WPpK7TM55fBr4f7N5Tin7GM8lE/SQfnJzREsCDPrkLoEuB6DXG7dgjvA
+ZdrM3eD77xamzT3nA0/5Up2bDoQLtYMph0muVfDrOKL+pzrtSrR6CnkPVgX2aWrF
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/ausf.csr
+++ b/configs/open5gs/tls/ausf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQYXVzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALiQo9xgfZ4JrJPzRh710F/omYkbB+mS
+QeXBKUw1byGH9oISEMXymPrzFTVaqqm3GzqEcfIsx22rD0CWc5mU5l1OHzPADkTF
+H69/Qg8r9sIORG1TAGXI5TIuwQ6ioxt1MSEaauLKRBLS3s7re+w96JfqgXfUCBo1
+8jmCXFmmNQjrWspwdPEJgBdcAtKcjDXd+dpDHPa5yaeKhNOgzbxfQYDgHIazzOA+
+QB/wX60Niv69+Jg9nQQuYtgBckJ0rh79XNjUOx+SqdYIJtVliD+wKPEUhrvs8RDy
+tQnRUF0oTSf47qGpH/uUvqAh2uT1WHQta55Aj5w3L8hxVBsE4lo9VlcCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBUpX2wR4LNsuhCeFLjjiJKClOdkqKel/U2gCr5
+pW7JisU1pnSBW1ZnI0usssGQeejJUvS+24fTb4aQp68DJ4E70s4N6M+oMyUlCIhH
+5ELkG/rlXtir4/l7WP/vF5M1F0bPKLCA51nRfV9tvBR1nAVFfr5ZBGWo8vZBKz9v
+v43beNjJxmCkurN7j78WP0TYEs7ehGCXh0mDtW6SurKpnWswsjInKtyUR470XHwt
+cVJy0HelsBsqpf6I9SlY2J7SakGPDtqARkIisKA6vO4sZdKP0aYapY3nCB5rLvNH
+mC28DCX1R0gqBoHTML0lNUiGEsDe4R4O70dHvWHdZr+zPow6
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/ausf.key
+++ b/configs/open5gs/tls/ausf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4kKPcYH2eCayT
+80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj68xU1Wqqptxs6hHHyLMdtqw9A
+lnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUyLsEOoqMbdTEhGmriykQS0t7O
+63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAXXALSnIw13fnaQxz2ucmnioTT
+oM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLYAXJCdK4e/VzY1DsfkqnWCCbV
+ZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6gIdrk9Vh0LWueQI+cNy/IcVQb
+BOJaPVZXAgMBAAECggEAIqhShNb/r7YMWKn1kGnDa8cfUa4oQbWLt0ua6Cseh7Li
+2NDwomMoU/Nil6bDZmQycj4dsYa0GkVlc1DtOzlJOtspI8wcQdCsXwWsD3JHf3Az
+bD4KVJKxa0d5TDjBHS5X/+nYiWbG+qvrV/rDRfzoGOLZ1fkUXmuj5SW0FseNrPNH
+VaRrC+YdnFfOs1m+U7PZQmxSrp3C9FxQWCg1xTXT4vnOeoqsJLDQX6njCI6AONPD
+9vfeGLMD3D45Bk06xfv1zFz7oNgdu0TbOISiDKewUJX1MIpZbaDvx0LO7dBeJBWI
+x7yZymTy6B7cspyO9WuC7B3uvSZb4Dj0kmityXze0QKBgQDk/6QY2FMZbOpC0xuw
+8T67sxiF9omr23lxWZD+2PMe4IgcD3mijr50bg+pnoZ/R1cPs9IRT27gtuKdpQlS
+FOrV9kmJqXGGMO8R2edafzGRim3M+oKVOC8KuI0z/euGTKtKpozMKaoUF68nrMx4
+/7ybauLVYOuWDEqI+Fu6/yY+MQKBgQDOU8OOe5oW3BcNY3/yq+PWlaI9qEehsJTn
+kyMvzn5YbKg5yfF6rexm04pY9WCOZfOzvP5NdwwG/InR86YaVOxuuiDE/4WMip18
+rDLabGhlcxsja137c14h8hr936xcF2A4Nd5Q6GYOtCMYNAvCTSAgI98jyiwDGxsY
+vXl7WdQTBwKBgQCgZa8698q89FzhkZzDwzZ9omR68MRda80UZ/f3iV5BMmQjw3Mf
+OXyNcMnntPHgFMgWZ42sMkcnfvIcGYz9wUj7tRatJdIue/f4OPijmpPNrXhbKtxs
+SH4qtDmzQRfHacxQ7XeRSV2n1S8KSy6tUfN5qNRZQRnCb7mFVvBpem3/AQKBgEIs
+VUzuUXZBcldF8TRIctNQvG8f+JFgC/HVm/RqOtVrS+z02rDo9SfpcrajRCuHgUjF
+NZ5srvvSpPUkOsK5N/cvVPE5roBruKTSqaCqIjVfXHXYqpTJ5IfomUWRJjuG98Iv
+bLTwREM0/Qh3MMpJaCNGvftBjSoV2HPv2PV50u2jAoGBALbTtPaHLmSjTE6L675y
+Qb440nmgkI+5jl/KX21Gjnes5OqqVmmFzz/1fj1/ZwGpbzp10jdBG2zKChATMsjl
+xqPq6G0Gu5RKUeRbT64at3e1+aukU1W4L05GAS8FQru4qixKVK5be/24bmTLTpJ8
+tm0reJD9N9KJQouyqctAnf1O
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/bsf.crt
+++ b/configs/open5gs/tls/bsf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2JzZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKOY6GHHkFrexUafHFilmA+vsnx7tfbFS7Mkk41QmSXR2+xjG1MenpOQ
+kOJdDq5tFm8SsBIqaNmyTM1Tx2j6vT01KnludLJait4Q1F8o5npF5YFwMegVf06o
+ZcDrsFpdyIi1EjoFt1bhM02j1GkRVzfIycPi3xrJ1croWWtIj0J/CN4TkoAYaqUW
+8B2pccwVbb4jvUyGU61xIARkm/pHIYrCEjiuWP99imbROSUMBX9ne/krtgsJYylZ
+XPvZiZkrAXCFHx2KKrm9zOaXeYHSCEiHJQRAaSJICJA2COz3zzN8XpIJVP8paiXF
+B5oFoUwex/VdZ/a0m8jm05++jcHXVIECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUgkNWEi5vGgi/rNh4n4WI3VkWdxQwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAE4+FPquzZPJfAg3namKryWe
+zJjibTvvZenRDoYhkJ9HWhi4tPvLAUqCHLe8sUfxcf5k17T+u7pYfK/+1IpGomWh
+Y6OxrxnNK4bnhxTFEch9j90x+cLyAAKVzDAotAgI/OoBQgqiSo0I3pe6MBVPZVIH
+Ga5aghA1u9QsLOr7XcuHLAXzMpYPq+6vjHTy1cSi3csQcVNLo67pB3l+b9o1lVGz
+6Y8V1L5n19OQ+gbCOSQrGXPAivWWJIDvKW6mtinFLNZ2f1/WDvkh9L/nSFNUsNOj
+uWqheRX7FegwvwpjhFfe7TdLQg4OZ5Q82JRFiVmcwx3cDRHPe8BlIdkkTmJvilo=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/bsf.csr
+++ b/configs/open5gs/tls/bsf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYnNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5joYceQWt7FRp8cWKWYD6+yfHu19sVL
+sySTjVCZJdHb7GMbUx6ek5CQ4l0Orm0WbxKwEipo2bJMzVPHaPq9PTUqeW50slqK
+3hDUXyjmekXlgXAx6BV/TqhlwOuwWl3IiLUSOgW3VuEzTaPUaRFXN8jJw+LfGsnV
+yuhZa0iPQn8I3hOSgBhqpRbwHalxzBVtviO9TIZTrXEgBGSb+kchisISOK5Y/32K
+ZtE5JQwFf2d7+Su2CwljKVlc+9mJmSsBcIUfHYoqub3M5pd5gdIISIclBEBpIkgI
+kDYI7PfPM3xekglU/ylqJcUHmgWhTB7H9V1n9rSbyObTn76NwddUgQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAGh+iW6t1TL6ylPvzJpICuoSitSF2FsxbfNBpu+o
+rZpVlwUsJNRzofxoU7HGEJ8gIAs3MmkkMacaAnZ+o2sHuxtyVnHlXWBfFdRmJIW8
+WikaJTDV2s3lSgntvQJk9PiRtRJfUAO+z78WQisLah/lxKjDEUQs1PTKPbtQTj2O
+S4ys26g0OsBwRV11qB93EEQFjz9eExYk18CKgmzntTU5yOJJ3PFj8rjvyyybNtdY
+WulE9Ht0rcBZcsDfYw2DvOaz50MtUviTjAZxFHLuyE8igbjy3H5BORFOp5Vm2ybH
+/YUwcmvXBiszycaG0JRL+vOIEXAc1lsgmfg3er1QK5N2u7o=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/bsf.key
+++ b/configs/open5gs/tls/bsf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjmOhhx5Ba3sVG
+nxxYpZgPr7J8e7X2xUuzJJONUJkl0dvsYxtTHp6TkJDiXQ6ubRZvErASKmjZskzN
+U8do+r09NSp5bnSyWoreENRfKOZ6ReWBcDHoFX9OqGXA67BaXciItRI6BbdW4TNN
+o9RpEVc3yMnD4t8aydXK6FlrSI9CfwjeE5KAGGqlFvAdqXHMFW2+I71MhlOtcSAE
+ZJv6RyGKwhI4rlj/fYpm0TklDAV/Z3v5K7YLCWMpWVz72YmZKwFwhR8diiq5vczm
+l3mB0ghIhyUEQGkiSAiQNgjs988zfF6SCVT/KWolxQeaBaFMHsf1XWf2tJvI5tOf
+vo3B11SBAgMBAAECggEAAlCr87PItz99LlPauWatA2ZQrd4sj9ugh85IBAVAqJJK
+5OJNaQCHPRZ79WccmcNvkIZ0vUoSOifxuitiCFpZhpnnsiiZ8ErzmYNGlRrpoY/3
+CK0VOLgCqWLcz0VKlWnLuGMLGSz66GjnEmWD0FGTcNW3pLzzfDAgZVbiyo/QHrBS
+mhayw3ceTgggFDeqBXEpG3w1CeWIdOLafdQ7fCUkv34Qww9/kJ7gERbX4eoAHZMO
+fwkkOZ6xsKxH4tKOEAo4hkTnTo95P9n5UpvDGG/8fKV4vkto9KMWnCUSMUZz/t0Y
+G/Jv5aHOQJkfnzS1QtfgfZiHGbto5R5oOGZsy0NdkQKBgQDbJgQwVErskpYGNJwc
+tOcz3gooTEkE9tTsX6mT5cCtY2A59k/y6rXSv8X1es2CCkDFLqGHuOW/TBG6ZE9d
+8JrQVqQbjLe3kcdRdHlwdfzaj9HfQa/ZBZ2gGzhzqrB9Cry7v14F8vQ1M4qWtEXn
+XhWFbR3YP8qjFs3eKLS7DC3x0QKBgQC/G4DJPXvivz+M6iQOYWZH6aO+00Lrm0iv
+UsHPphP3LbIz3cDSAqXRTG18oOikmFCQkfNCRzB55JFwf6Udd/A3CdrIQ4rsqEWn
+kgtY2ZKkU2ZFtCs5wOiD9gk9CnsAb6D8rSaiKkp1X7VMssyoMrHkBFXvQKHtXuCk
+OkEqR56zsQKBgQC43sst0g4aoFY7CeqgNOPN14QOFryKmYdpmBHAGFOAcZLdkrJD
+JEkabnka6uuuxeN59CqECjCWPh++c5yYjL6s/koWi5D4JNxWFMHVY1NZNXZAtnMX
+yyr7w7rNqLKV6ZbpczhoIFpu/vnsxEssMSxKkJBauwXAqx4kSYadPFsN4QKBgQCT
+2SVDi0ui2q7ByArpDTViAUFrSmoFePc8nFvQ1/2uRy4MrkyUrPO3/tbdimcxn50E
+m8WEyyqXwts6G6aUK8wt6HPYZ1i9SlnJEFWzAXBPrS38Uyz122aHYPs4vDj412PG
+1/aBkxJTyB2tHs7yeXXin/ATzv73c2V76I2ttgbzoQKBgF3J7l1yUQ+4yxMUF9PI
+Ta1S87ShIM6B6XgzmdGYyn27lB9jAvmnwNe4pLd5GXZsvIZi8FuQQ9WNPEl78Nj1
+8kSBwSi/MZS1/fiLyP+IaGuaKrfYbEzIlT2rXSgO9IG1gdfO/MouuL4+brynXeDS
+BUuR/ojPd0aSsdGhNFvcwUYA
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/ca.crt
+++ b/configs/open5gs/tls/ca.crt
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIUWqr1d8XhDsM5Gk5y7G9u6KeTF1wwDQYJKoZIhvcNAQEL
+BQAwSTEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD
+VQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUwHhcNMjIxMTExMjMzNzI1WhcN
+MzIxMTA4MjMzNzI1WjBJMRcwFQYDVQQDDA5jYS5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfs1L9v9DIXY21LuT8+Gvkmie4Zc1fN
+OXP+rZAwZYiQpu9Awtk/L2YgAnJ9zXCNrL8DoGJGWGp9KyN3LJeFu6XUbyXgYDWu
+Beg6LN6OUPv30zdjm6iIwEmBtiBgL5HYJZunP3b/OdABIJu9foeWdKVuT+jFNlHK
+f6Arod4sVGp2kc6owkGgYE920m04a4UsYuDGhpGvIAv/r5/SBNdKuysF6gE5YHHv
+4Hk8RnrxrRwQIGasMAlguwhNfbNqupQ1cxcOtMTBZ8KMv+dji+2f5PI0tmmbSeJO
+nENk+A/i0JiuBH6szjZ3ylAuMiMZ42FqFLb9k3FHV/YosxZlzTyFldECAwEAAaNT
+MFEwHQYDVR0OBBYEFLFq+pyZvAQqQohl136+YHCiDtpAMB8GA1UdIwQYMBaAFLFq
+pyZvAQqQohl136+YHCiDtpAMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAK01l12RIId/hjjaQy0pEbB8LU0DV9KYw3ibkFTrVnxXdAtOEvsAAGOX
+s5hwltZChJJyIVEh5uwAHUMrOs3MazAMhD/FiWBeqeHjh60BTR66tof2Gll1uPRR
+D7HHg8E2q01OQmZ1zhj25gd5FP7OSAgXh71TfB6CpRC/gPtYv4vrfe7ca7ZCXKM8
+h3sQxwAMajjHzIKn4ZbqzUfP+ALpOGokbCo+a83PlZgTrG0wHH5MheGQmGKUQaMP
+THXAPNaAaoKXbA8rup/fzdinBG0aj5op8bNS+iZUKOLws6M2Zrns2UQ+PxkhlSoa
+soOVoABREvi8iSj0hkEFrVdp8loESs0=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/ca.key
+++ b/configs/open5gs/tls/ca.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDn7NS/b/QyF2Nt
+S7k/Phr5JonuGXNXzTlz/q2QMGWIkKbvQMLZPy9mIAJyfc1wjay/A6BiRlhqfSsj
+dyyXhbul1G8l4GA1rgXoOizejlD799M3Y5uoiMBJgbYgYC+R2CWbpz92/znQASCb
+vX6HlnSlbk/oxTZRyn+gK6HeLFRqdpHOqMJBoGBPdtJtOGuFLGLgxoaRryAL/6+f
+0gTXSrsrBeoBOWBx7+B5PEZ68a0cECBmrDAJYLsITX2zarqUNXMXDrTEwWfCjL/n
+Y4vtn+TyNLZpm0niTpxDZPgP4tCYrgR+rM42d8pQLjIjGeNhahS2/ZNxR1f2KLMW
+Zc08hZXRAgMBAAECggEACK8vkDOK+00w5ejN+PZEYEv3IjlFvmXq3tMMgLevNZvl
+BFRyd1wMVFCihtL7HFnRvB1Qph1oNiSVtvBBdTMGwcDgoJR0Rc5MXlO/Vl4R3j17
+ZTmPnJHyUU5QGYpAfb+QOPHcSIJqEcXZCLvhvwX9PCyTRW4NCKcCfGbl2sHiL1JL
+BQ4++zPfjqoK7sJ+WC6bcEYQLpRHZSIZm+kzlBNUyWdtY9WzT8mTdfpzS4X8sZIH
+DrmUFufMkgyciN7qt/jBhps/4/S4yjrbRcOsltcg/1Oba7ayC+vGyzGeGPGA1ddS
+bprG7+nUGRvo/bTC5YxVpIXSlOXizpwpzufpyV+GQKBgQDrVVROaG4dcUKdg35y
+dLjhRcAAgR2gRJYxG2tYRGsDhBWAvVqJ5MwY919j4kdwQ6UBTnWgCFsByiv6OX6P
+kK5Em8ImLEOPHn0nIYNFst5S9GfeEPaCo2jtH1k8KJYbIsUWg8toONv54Ee1VxXV
+r6kS9H66zOC0GlayNazQV85JvwKBgQD8SuFHrKrGdo1Wa49LnWRQsTF0rkBXXUR8
+2NC3SiwyrCH8A+nGv4msbkKRcEOQjkbAthYjdhSXdYFtNLYsYa3VCsMDGV3YwA4w
+LhjHUsdt2W8Wl26Oo+WcDa22NjTyc5kk827EsgB52N8ug/ylVP01AVr5kEeQ/t+T
+yzQzeftkbwKBgAccINvtk8YX8edIXb2fgSZtMQvS2s5IxDDfnzKffowwpWWqUt3v
+p6rpblxaLcZahNWxRSR8nCNFtGZu7j/wIxO3kPoORExCo41XGdw1NzpSYAD5ijkQ
+Ls9bLxr+LurK9iFkAfU4Io0+FWyJIQO/tt/3uwxxvCg004G21W3F+VmJAoGBAPJZ
+U7IwERP3yakcRVgTZsuEisdUo4XImAN9mnCXFYHPjA20DJrYXv1+JP/kYWK46Qox
+X27M/NbJD3zBx8U2R2+AmPefJGETjA2IGlFOGThSR73h1Ve75NJU6WtBAvdrR88Q
+8HSNsJtbUngyXTzMOTbziFp21+hWjJpB9nEEWhKNAoGAVLy+5NBYg3XUSZRDhjgG
+D4LyKf7PjaleMceeZHlhOfG03pjnqZ6vEH6g86fUj4CT4m9JNJPtmhTu8vb96h9X
+EVuEkfctkYy8KPmmqqiasZb8viMA3yz4o0gY2Vh/ZgEuFTjLVANmrP4FnPPQSLPX
+OoF11bTHRPDa1vAN0sBCVoY=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/hss.crt
+++ b/configs/open5gs/tls/hss.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD2hzcy5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALljW/sKEWWc9NmMz8NpkskbjXtlhkduRWDapIKLTdUUjl+xP2Rbve0l
+ag7Gxw/bX3IkSKQcHwiT1+QMD+CgCcMMd9txI4nVkCP/7+YQVGfEe+2iclp1CrM8
+P7a2oaG3LzzS8Xz+iTWFW+eLE20B4QHygCyQwN14IPGYLkzQvGAe8MfiBfOCIJnm
+t4NKGyXGs31Tvbl5+Wzpm6hIXvlqPUEgjHXNtC6u6FQdCPPxcWwt2O8zT9aB5B4G
+n/914qWlzurUTlnhYg8HV9L+iyidD66v8JMiKQ9xuPNWMKdoxaw034qH3Dg9in9j
+Jqdk3AJdvuqjdmQvPBoOFBQKDcYW06kCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU5GTunEyNMXr1ZZTh79w1hSC6wDYwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADYTkXOb9Kx31MN3LSLCz+ky
+KEi3Pio+eI65vTByclmfu/ej2AmGMmHylJQ2RpHzbWOe2MPmpFyI/yfqR7ZoIcfs
+soEnYk3vi4Ul7ooYqWTIvAl24/g5ujb9vZ2+7ZtiyFsTNG3kB/zdtS6X6CUk+e3H
+GbYTHjxvN+VmFJmCJjQpSMTQC9JGuqof3z+R7OODyJG24aw2g7rVtSDW3J0rvDgc
+1RylH/D2KJMBGjo/JlXB6y6wCTu9iLQ5prqk7YunFlpLxjsEdqrQ+yukLhwRH93x
+C0GQA6rMQEhC3paBukP2ePAJoGCqanipp/oJ6OJLnKqVDha69IXPSJLEhqAqtX4=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/hss.csr
+++ b/configs/open5gs/tls/hss.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPaHNzLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWNb+woRZZz02YzPw2mSyRuNe2WGR25F
+YNqkgotN1RSOX7E/ZFu97SVqDsbHD9tfciRIpBwfCJPX5AwP4KAJwwx323EjidWQ
+I//v5hBUZ8R77aJyWnUKszw/trahobcvPNLxfP6JNYVb54sTbQHhAfKALJDA3Xgg
+8ZguTNC8YB7wx+IF84Igmea3g0obJcazfVO9uXn5bOmbqEhe+Wo9QSCMdc20Lq7o
+VB0I8/FxbC3Y7zNP1oHkHgaf/3XipaXO6tROWeFiDwdX0v6LKJ0Prq/wkyIpD3G4
+81Ywp2jFrDTfiofcOD2Kf2Mmp2TcAl2+6qN2ZC88Gg4UFAoNxhbTqQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBABWDs9H10OPMkVJspViUa7DpykmjwqgwZeobtUsn
+7MRP7a4/UUA/OMEgK3HQArIE36byYQM9u80FQRVmlgdM8h3gOABNlyD+Xq/PPCdV
+/+YrAWrLkPGbPgKeyAlVYlqi0j8laC9JB/5bEVh8JUxZ9RlZdYmMVITAnIAUfmJ+
+avGxytm5bss//Vat89HlUvPt5NzrmR2YgxzH5PmMx6AB13JIItg05YBE/KPZd+KC
+CsLyCzjZj7GJ12l1X8nI/EN032kRPQD/0knq1rt2gyxs45pzA1XGJNiFMFEnJ7Oh
+jIeFnbnGxBvx6hu8tOky41OubB1erMok0UV9XpT987tPA/Y=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/hss.key
+++ b/configs/open5gs/tls/hss.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Y1v7ChFlnPTZ
+jM/DaZLJG417ZYZHbkVg2qSCi03VFI5fsT9kW73tJWoOxscP219yJEikHB8Ik9fk
+DA/goAnDDHfbcSOJ1ZAj/+/mEFRnxHvtonJadQqzPD+2tqGhty880vF8/ok1hVvn
+ixNtAeEB8oAskMDdeCDxmC5M0LxgHvDH4gXzgiCZ5reDShslxrN9U725efls6Zuo
+SF75aj1BIIx1zbQuruhUHQjz8XFsLdjvM0/WgeQeBp//deKlpc7q1E5Z4WIPB1fS
+/osonQ+ur/CTIikPcbjzVjCnaMWsNN+Kh9w4PYp/YyanZNwCXb7qo3ZkLzwaDhQU
+Cg3GFtOpAgMBAAECggEAO2h5PdnMmGTzW9HRdHwc80BWlvACV1qhdfeq10Cf2QQk
+2cp5l4YEt32RXpnZiZ3RmMjC1IBEe6GxAd3RqrhuWGhi8lnvuwhKkBbAwFeETNp8
+ojq37X/rRWOtwTYGVsXWp+WrSFRjENkjCfCZ8Yk0G0UkSOO8QlxwJiuPzsLnUt+b
+wO/bahViAu7c+CyPouw0+MJmysZba1DSRoYSAYF6yzOolOOfk9HIEcfFyY+wCO6d
+hRVcGe5FgFS6hsBC2RLDrKc4sp1VoWOSkI8MfsTsnSvIdWHKLqvmdDlhoEgLJQ2C
+BuPX9J50oa9naLb0FszZNjsF1o1xNXvdzzCvWXIYXwKBgQDWCjlJDte/o48jFbvV
+aIa7jkChD6NWlMhGv6wRftblNU2WxzwQNiDxKo2OK3o2OZaOkXD7u/GrUzsOAnRs
+N+4I340UQz9C7tfzUmsFjS4ju+xxeaPQX1Wmnz5HSN5mxU34y3FvLdyeitUbadNL
+CbSeLXI+qzMoecrUp30qHsKarwKBgQDduzhI0xQS3BAWxVz63vMv/Pp7dCjgg/VC
+ULYv2d4z5twS9fRwCzyhtmOPRQzHOvgxPbU/MF9DW/uXzAGPFYZSzfWuJcv4u1mp
+Ha48GZcxA3C3HWpimsn9yZjcdWG7QV2BV6RgMwH0nUIxZHxQ7I6gplJasZN5dwlZ
+glPAAOetJwKBgF8cV+xQ/ioYQgizJa5lLkm1op5vVoOoxX46uflkRZXAo+O2UMhb
+ZTQFVrWwODRUTsS3eF9EWtVovLsy+A0GpW2n+QbiAwB5Jdjn7Mqgu7oBTcX26YY0
+dtj9tizzAnDkiAtgS929oWWKB7yQv+V+QJZxV2zlomwAAtOQQZwv4wXdAoGATReE
+8D0DY7NDnMcuFsNhhjPM2xN+CuGWamIpleWIDj+cELOXM0WU5RzG7M8zLCnilSxB
+UiD9XiwjA5oYiKkRNMULQGs/ydFJ0TTSmW7EVHQ/wkrl7DapOCXZkfz15+dIHWpd
+al0RtvzeQNIRLwmwZUaup33KKpcqlwZrG/y0kE0CgYEAtSp7JuJWnFCRBGYzITFG
+3gILjbzWxKquho7vOjlOZ9Jn0zHAMjMFaa5jO+jDVeFTo2ma6vJNjkrwwSt2ta5j
+RL3+dBFB8uFgihY68j2yP8OeTuMOUevinbKgySMcTP7mlLzya/SAk9bZFqTJEB6w
+CA6ghp5l+Pzf2ziJKd3nc0c=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/meson.build
+++ b/configs/open5gs/tls/meson.build
@ -0,0 +1,63 @@
+# Copyright (C) 2022 by Sukchan Lee <acetcom@gmail.com>
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+tls_sysconfdir = join_paths(open5gs_sysconfdir, 'tls')
+meson.add_install_script(python3_exe, '-c',
+        mkdir_p.format(tls_sysconfdir))
+
+tls_security = '''
+    ca.crt
+    amf.key
+    ausf.key
+    bsf.key
+    hss.key
+    mme.key
+    nrf.key
+    nssf.key
+    pcf.key
+    pcrf.key
+    scp.key
+    smf.key
+    udm.key
+    udr.key
+    amf.crt
+    ausf.crt
+    bsf.crt
+    hss.crt
+    mme.crt
+    nrf.crt
+    nssf.crt
+    pcf.crt
+    pcrf.crt
+    scp.crt
+    smf.crt
+    udm.crt
+    udr.crt
+    testserver.key
+    testserver.crt
+    testclient.key
+    testclient.crt
+'''.split()
+
+foreach file : tls_security
+    gen = configure_file(
+            input : file,
+            output : file,
+            configuration : conf_data)
+    meson.add_install_script(python3_exe, '-c',
+            install_conf.format(gen, tls_sysconfdir))
+endforeach
--- a/configs/open5gs/tls/mme.crt
+++ b/configs/open5gs/tls/mme.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD21tZS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOfRYYARkQf16dejrenOv9VbNAInKLH5BByRobC/FXYs/1ZEpE26QQpj
+ElSZfdc9ri6tlGm8JzsWdeospR10abH9wu/80lerrOJFsGAKC55tLbO0N71Odlk0
+UZms/Efets+4Y2N/ubgq1RStl6IhqkmUOgfbvX69h7+po4PILGMixbZiQTW9DwH+
+aZJ9Gb3YScewikE3J6E0RPf43ABX9roI1oU078n2nj7qZlCNd0zJ9vOXQiQOdcW3
+8PKHlrobulMYh5SmG5ASidZzexHy6csKiH/Rr2EC4mZTYBepb3QZy8+ad9b5Cl74
+yuCcKGf95xui1E+YqGBM9Gi5+HNdr3ECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUVhByp4/5SHL0qj7sf6dXxrcO6L8wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAJTHO3re3/Tc9YeMs3Z+Kog6
+9z3Rb+OJ5nB56Y7nXVpJ70piUpTSVwPxK1r5a6QqHO9tTTgp5kp5i3u1H3cYnn3q
+r9if/lkNotdrOl1uwI9Kb3eb+4iwZe4VUnhDvWbC3oWVHcyZheS95qxuW/HfErxU
+eZakK1J5rynrd0R8fZiJBfpYeBfOczshDlLZ8G40gwmGcHBTJYQ6bYJjjA1jQXzF
+n1fE6WQBu7q79eX9w0U5Sf5Xo9Ale5Y7o6ud2aZT6F83Upt1G83BhEvQ8vrseTD6
+SHme/cpGXmSToBs9hJfrPuDzIkjGG/kjiVsFalHiaUtVbGvMqVa2iaHZ3HBzIro=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/mme.csr
+++ b/configs/open5gs/tls/mme.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbW1lLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59FhgBGRB/Xp16Ot6c6/1Vs0AicosfkE
+HJGhsL8Vdiz/VkSkTbpBCmMSVJl91z2uLq2UabwnOxZ16iylHXRpsf3C7/zSV6us
+4kWwYAoLnm0ts7Q3vU52WTRRmaz8R962z7hjY3+5uCrVFK2XoiGqSZQ6B9u9fr2H
+v6mjg8gsYyLFtmJBNb0PAf5pkn0ZvdhJx7CKQTcnoTRE9/jcAFf2ugjWhTTvyfae
+PupmUI13TMn285dCJA51xbfw8oeWuhu6UxiHlKYbkBKJ1nN7EfLpywqIf9GvYQLi
+ZlNgF6lvdBnLz5p31vkKXvjK4JwoZ/3nG6LUT5ioYEz0aLn4c12vcQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACCmqKiZ7lalTo2IacCqfhzE9XCzwltNoygocky7
+aEed7vSX/3pxf4x7ASphZd1gytnePc3bVvqChxFKkgTOUCLd6KTcKsPuXhVPcr6C
+0/f3APspWyvZX/sYMLHpS+b1BkO6Uego3ZM9FauEP1kynNHy6Bf0h5BL3YB7yYBJ
+nj9UaGWpEAs4LivGWD+4iici2a1GfhS++PBD8dSd6ipELCEOkTuTZoFquZF66cfC
+3q+Isd29jbIiO40LnQg3Qi75ECXw7Rgzn5rr0eclIEv50fayyd1vWAG5yXbSOyxT
+L/ZBnNDXSLtZV1DMHEvB7rlhXvLEK0874QDtYcQEOltgVOY=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/mme.key
+++ b/configs/open5gs/tls/mme.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDn0WGAEZEH9enX
+o63pzr/VWzQCJyix+QQckaGwvxV2LP9WRKRNukEKYxJUmX3XPa4urZRpvCc7FnXq
+LKUddGmx/cLv/NJXq6ziRbBgCguebS2ztDe9TnZZNFGZrPxH3rbPuGNjf7m4KtUU
+rZeiIapJlDoH271+vYe/qaODyCxjIsW2YkE1vQ8B/mmSfRm92EnHsIpBNyehNET3
+NwAV/a6CNaFNO/J9p4+6mZQjXdMyfbzl0IkDnXFt/Dyh5a6G7pTGIeUphuQEonW
+c3sR8unLCoh/0a9hAuJmU2AXqW90GcvPmnfW+Qpe+MrgnChn/ecbotRPmKhgTPRo
+ufhzXa9xAgMBAAECggEAHPsdqSueXzQ8pZ32XjkKiCtXP1T9mZur38B1yjQRWaKl
+fKJR4iUWACzuO+UBM6P9PyOp3rrMMsRg6G49aYcbYZ+mZmdL3/RRRZZ4cYE//kXg
+RUuTU6zX+dijF5xl4RGe9tgH64aqcAjsIPd/cfWrJXi3n9zg/f5xgUy9aaUK+4zp
+K77vv6ir3PjtHdQOqDTHblLdXJBDtNprF6Q3kvzWLdVptM2jhtsfhoZ5J4RnrkGm
+e9VwUksWnWK6NU3ezYndN2zDe8fkwRKWmLD/DLMrWxOd/E+1T2sUsiTYytxhCMpR
+x9hQZ8P1ogWivYZe0aEwzEcr9SR7sOafdnF+pFnswKBgQD/4fFSHI+c/nL0d0TR
+72BfNieuelnaxWzbsPDC8/7YzRd4g25uWCwoyMxzVntVSAdADmI2aD6REfIejLro
+m27AvEkMvXCBJIn6ZD6a/GVvLGAiJt060Y3znyRm2xCsynnfw+4RAK3Rs3Vqu4EC
+igHytUCKRsU1F3PeFYBABSKdswKBgQDn7JyG4uFl8YB3dm47SiaVxSNHVNnIKQJD
+kULqgxLV0jWbMyXx/brS+tp0ABwavRFYxhl3f1wm/ZBk7YnFCTxrpwG3E1MPu4bn
+fMJqVEbGFfJEkBePpB+3o2VFGYCrC8wsQx9+RsM98+f+jETqIn7J/j8W9Ht4Y1J/
+2mlWubqUSwKBgQDFugBSJQPMmsqVobwqRUFBEYXkS2M3rCsMMFQ7MXQSb5jdZSJm
+XffxpAhob8FqCvifRP4bcL44N5fSh4i+yazxfg0srQ5MnMGKHQBLnxF6sN2wRjvZ
+gaihQq5MVKcz/lni0XIa7V1jl7r5uN5d6erLc8flkf49olvElvS9g7pWBQKBgBNX
+3q45WgdAnzBXhlYXlyRCrvCSGR/im7e689PPXtDKmYH6QB3wxZY3KeUm5TEtt7ap
+vxICY1M1LsfcL/NpE8r+wNveFr1nLJc+BpELumNnDS++vNhUHfkY/adHuz2I3FyM
+tKG5kSsnnp/SXyUP/3clZ2motmuSDR1wv/xlvTQFAoGBAKDDpj2v3u6R5qWWWb4C
+kO41YOGAlx52pcukmPV682CQZyJHdWFG3YHNeJaSBMVayHN+roIbnZQHJGTbS0B
+jOMxgRyt6a86uGBHQ9PUDRrtOH8hcM4Wg5RnKip5GGHWnZYXH421p2ErpDE3ZAO2
+nt+0/3cXT4rENRXogOlzP3aG
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/nrf.crt
+++ b/configs/open5gs/tls/nrf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD25yZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJYwtO+kISwKZjSQlQ9eQNtF1/DpUFi8qrupceRuPtlAwsEFaly8BRiH
+bCuBcRdGjrIgHtoyFJDW3wi3veKn+xkUoSTcIdHahGwon6nryW049ef5tV2CtNqf
+RovgVACdKh7QIruIyqUhJUED+lm4s18aJjKb8QYne4jl18unM5xQkdHfL2bRh7Ce
+BZV9/GxjYyNGcLQUWf1Qme3dqLvq539XACxBr8NqmYSDJGlrSRG0i4z0Faa2Znnn
+epOTyRuttBrRgsebzszh1evg/zWgc5hsMDr4DoPVOfWfAihNkXmq2LF5kZsBqXdr
+kQS6rZsxV4KRF1ynafMNxp0E2I768ZECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUofXRxrSK7mNyrNQCStGT0rE5vJAwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAHAaED78OABG0UPbkWUG1Bqd
+kWPiZVKySEj1zc8dOqCcgn79VGH8TruxK+/dHwQY/YClq/8o9tZzfFOwc/OdtdfO
+dk4AxHwyA+5zJMBWOaGOAIFzPkrRY7RIQnUlkL9FgRg/3hel70TyjBsRm5QEUCPF
+p100S0TS5AACJm5gcC7QPfx0Pz1EPsK0q8nm0V1zAus/mDY67jJcbkCGwH839J3s
+rVzMrnXEVeoubEr0u4fPB4ulsT1uufnmRPjO+Gw4ToqW+QB8aUX1y0PdxaV2K17g
+HD7N6TaLZzXLZDhXB183tMKgOMTzAN/+sDofLUgAT/npO35bAbMmbisCk8Alha0=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/nrf.csr
+++ b/configs/open5gs/tls/nrf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbnJmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljC076QhLApmNJCVD15A20XX8OlQWLyq
+u6lx5G4+2UDCwQVqXLwFGIdsK4FxF0aOsiAe2jIUkNbfCLe94qf7GRShJNwh0dqE
+bCifqevJbTj15/m1XYK02p9Gi+BUAJ0qHtAiu4jKpSElQQP6WbizXxomMpvxBid7
+iOXXy6cznFCR0d8vZtGHsJ4FlX38bGNjI0ZwtBRZ/VCZ7d2ou+rnf1cALEGvw2qZ
+hIMkaWtJEbSLjPQVprZmeed6k5PJG620GtGCx5vOzOHV6+D/NaBzmGwwOvgOg9U5
+9Z8CKE2RearYsXmRmwGpd2uRBLqtmzFXgpEXXKdp8w3GnQTYjvrxkQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAD7FDen5uEbzgzjW6w3vbyKw/irx+s59YS9zLnrc
+K1l4C/eGUxOjXzL1i5th6TJ6y+860OalWfui1JMfdKFXAz4a/wGhZGbGsQelau7r
+lQTH1nlm+b5BGShGg0R053FuX3PK8vKBpZzPRuyn9n6unc/PKzoRjub5FXKZnrVJ
+8rDz2HXi7ZdxBrU3FUU8dbiTuROgsrCEldyndxhD7vH4mJIPM/0+j8aAU0t9GbRK
+pX2Jo1z0Z83NxKegAtMXho0IoEpESEMZmYStBreOY2mp38Zw3+hEJV7SP3nLxr68
+J/c1HVddfoLt7N6mKvIuVbWK7OxkeFLVGGq2o1/Gs+PkVjw=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/nrf.key
+++ b/configs/open5gs/tls/nrf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWMLTvpCEsCmY0
+kJUPXkDbRdfw6VBYvKq7qXHkbj7ZQMLBBWpcvAUYh2wrgXEXRo6yIB7aMhSQ1t8I
+t73ip/sZFKEk3CHR2oRsKJ+p68ltOPXn+bVdgrTan0aL4FQAnSoe0CK7iMqlISVB
+A/pZuLNfGiYym/EGJ3uI5dfLpzOcUJHR3y9m0YewngWVffxsY2MjRnC0FFn9UJnt
+3ai76ud/VwAsQa/DapmEgyRpa0kRtIuM9BWmtmZ553qTk8kbrbQa0YLHm87M4dXr
+4P81oHOYbDA6+A6D1Tn1nwIoTZF5qtixeZGbAal3a5EEuq2bMVeCkRdcp2nzDcad
+BNiO+vGRAgMBAAECggEADL0D06F5mMknAwVSRzPoz1A8sPew813JI1KLUOMS3I1U
+F1f0vfnKetqdj5ESfPVki/ISe9IskV5QG2auKceykd2Aj2ZGTgy5F41YgWp4spVW
+sf6pZc18tmA09Q8pQMYTuPpRP9Op0Fif1sRWGv8B46qNm9RDHJEDtsg7xc+gHn1L
+oeMNin1jZvypm/ZHv0gv2s+/ziOP9ZLcEsI/Zp8ljlGMJJ4Gv5bpZyZB6MCrC1xI
+2EOBIeQbO/DnvKw5tiflIiiE+UoTcLvRiX0yxS9IpcYTpV65uwsBsmj+yeg9eunh
+ZhoQNnEYeTwHpdzCX0ZO0IwTacb/gElutJ1n/FlMUwKBgQDKHh9UZYx1ejPrCzKT
+jyoiXClNEt14Ze3bh3hIgDLaENq24jadNYOfTyCwPd1CGYYkgnNlY8VWBtisafRW
+g7e28VGrzaEoYZ0S8p1vNsMabM1oWnq/P/oy0vY9YFvth7lZdlegDj8om+7tA0L/
+q0bDpcU0rQhLzxGExJaLJUjlIwKBgQC+OrTxkfrPvK/CIXole2Gu/Se/5smWNxGc
+LNuX39vgIzPvSf1I9rHCr4omqHoeFooujTckfNKR1yc6x/a0jPjDD35ztmPmSKs+
+8PCmhaq3yfjYnt2+0oZd3KVZ9acayNJ205/YVYxG27Gn8s2V2TnEHMXO18NZxPnL
+KHKDCGm7uwKBgDf7L+JIXicLueWYLGICfUEXFblrSDxYvxDW7NHn8C3GDU4qScYx
+VEuDtyIZgHcWarkiCKREhhvVuZ3Hmw17Xh8lp+FWCxUMNF1TJZfwKwneqOYGaYkf
+R0VceSd20P9xYD0PMiX6zDOLPRoYlS4LWoZGG+EDLBETQV7stGXF5fLRAoGAa4xN
+WHYr0t7ej2bV4/MJmyFNI9WbCu4/aoiB7i+F5AaDCjpOlL3EaklMVebSg8hCf2cf
+UeWwNvvpFfaPqCw7SCyuVUU83akgCAm4RK01g4sQwYev3n6vsMlaQq37t8zqEHw8
+1tYm5Li4jDddu+aAHjwWKYcaztnqT82iUCqlfJkCgYEAyK8xQfiWNPWADHILRDy0
+xtI415k+skYDx77dSmancF/10PGaZRO+UWI/EfweV8lR6ChSf9MuJxKZXOGupv/N
+2MY5qTAJ0WluunA/bGRS7VSzetq0ZC2LOLlARqvZQQSVINq406eUjhLzdwJZaR8z
+dtlKQ+91L56ELsd1XZ5DZfQ=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/nssf.crt
+++ b/configs/open5gs/tls/nssf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEG5zc2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrtclpBRox3SHlIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIb
+zVlpFCfuy7Xh6+Y6uLqLQccNFlj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75Mlta
+YDR1r69mkZ+SvDAE2gjHgv9zb5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GB
+D226dIR4QWmySrNku3BpTXrmKT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGH
+Ku5894DuK2kEdxhA2MTAeEOxRnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciA
+y7QPY2dG/RraGPvkGtTmlBEUMV2kThYjAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFKDi3dKxojvcTkXTSa6mQwULPtKBMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ5p0AF6bwFB2IaCdcpPix
+Ai8kh73og4G1fi6+5m0Es0Sj9atAS2jFerPw4w8qLlWQCQUu5c9TFRmC29PmYMKd
+1uPFfxOoaw6ohnfqbrmZyNOFpKLSYAi7VAcmVTt2ErolVAkWxknVTNFbC4QtgqOl
+vH7WF6UjRXpkGdEcDewBcNjo/GpMacTsMGpQrb09JH8Sfvi+O+RDJY3kYI8e8glx
+ejonu+gKXxCEZf0ALI/dIGyDIDTG30nShCMSBjOy+VjVFt2W9PFYykEc0yOpa+jX
+C0nbS8zvC0KnCFeIomYUTbkOj3mgEWKa+gewXkFA3+i8XxOPBbmsXU4cWyVJ3sBp
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/nssf.csr
+++ b/configs/open5gs/tls/nssf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQbnNzZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiu1yWkFGjHdIeUhbLHAof+7vv9Q/4w
+voLoBA5+wjqPv4bejvdyohvNWWkUJ+7LteHr5jq4uotBxw0WWPRyRf+T5PfBHdem
+PpgAndb3Kc9yANYMrvkyW1pgNHWvr2aRn5K8MATaCMeC/3Nvkm6PJ3ezjX3Ae/mr
+MlCaAQyYh9GE/ewEk3Dn4YEPbbp0hHhBabJKs2S7cGlNeuYpPymJK2eela8RqggG
+thwCFS8WQROla/YUgnJAkYcq7nz3gO4raQR3GEDYxMB4Q7FGer1d+/hCr0mnJg1E
+tJ+lR5J4lbdmMJhqf6alyIDLtA9jZ0b9GtoY++Qa1OaUERQxXaROFiMCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQCFIub4/cIs9fJihlSgOfkqR5BVjv+UZgKocmPz
+wACPxgLeXGzH+8aQvCnsmb9p8A7r4CamKkpzeJHuYyzLj2wqTaif0gsAvVnjkksi
+uyxZtkWV9HDKgWYIaJnCYtKvAl7qKiY6DDk7McqPcGnI5zjYakxi6pLE2ZC0TUH2
+M0Zy54Tzj7rC889TfwGjbPIPm4mqliy7isxDJed1yiFizG0RT3CFB2qnjxqoU3sa
+x0fYGWP7mcNuioBU2VyPHkc8/8lNM9sR7+K5Ne8Orq8ooeb/kTdvGZJ5MX67W2Bz
+g+TwAs7ZPD4+ZGNIihlIMl2w8aOibYKmdIR6sc/01GHDhmV+
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/nssf.key
+++ b/configs/open5gs/tls/nssf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIrtclpBRox3SH
+lIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIbzVlpFCfuy7Xh6+Y6uLqLQccN
+Flj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75MltaYDR1r69mkZ+SvDAE2gjHgv9z
+b5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GBD226dIR4QWmySrNku3BpTXrm
+KT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGHKu5894DuK2kEdxhA2MTAeEOx
+Rnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciAy7QPY2dG/RraGPvkGtTmlBEU
+MV2kThYjAgMBAAECggEAHfOlE250cq781WogCkQUPKKanewkRGvsrd0IaKFtRmWY
+pah8mLH4lUMGH94Xl6xlGQhRnwdd0Cr2anL2E9slAgrbbEmGYAk6jl/ehEGfcTay
+qT/QsvYGbGwEvbaFlz66HPcOs6qsZMVIcGeBPhRfmkindX1Prj5pjrNtif5knFXZ
+YezQyv32wsXn0blE6Nfz7s6udA2JOhEj9hbl7VpK5Diq9X7zXD9eLlEB2vcF06xW
+u3mMZHCN0Bl9Ftq0KM3Mn56GjqIKMXZpQOZGL6hwKbQQRgLAwWqGGkQASsd+zpIJ
+i4NTibBDQarf6Wiob6SluEkpeaCim3cvf+lpHYCnAQKBgQDc/1StN7SB5Hpw6ApF
+RkWQb996UnmM7DUQp4G13iGww4iC9+pC/F6vb3WwcjITmxdLbSWPrMByTPzUIk+y
+kkBRD/TaAfPqSRsect9DjMhNyjxjSYL46jH7sR9VhebmuL4LhD2OpSPNGsnJwZ7O
+GcWWGRcEgQdMiXZTLpZhgJ+tXwKBgQDod9TRgADMMKFF55qCa5M+a/Jp2s6pgFBN
+BY8S0JApcOec0EyUZZ4fKX+vzP2PvQj4ITbEwsnnYDxGUIp76Wgo6ZvD50nSaxCC
+/liDY0pPEOFTIootByPVj56nrpBQ5Rcuon7DcIS2z7kCnoDZ3d52UTqXjuu1sQet
+8B7L8OVJvQKBgQDICwvgG+t2JJY8u54IZPq1Kr8035ENYgcKw0WjlaYTdnuMadMQ
+vZcL4K28gTIZEys76Fm2ux4cmNnHQCO6Na6ocfQmntvmuDQnFL5KTBZIbAbLrRA0
+NvH1rbf6V1HSiWnlzNdX1t4YW+ZKjcwtLaDwJFf0iMNNoaSM2T/glGh1qwKBgEB5
+5AQLTa1Um5Zo61ja/2bjx8OGVaV7mkoSjaE5SZLE5uh+eY77NEUOXITlBTrVwmQX
+yjn+kMNk1LLn6dD+Zs5aJMLMJpR+74B1jRU798NAOk61mL9uaIj2IZn+d7aII8ri
+dOg+EAEoUfchATnsKKSGWQrqMAQfyrJ6lAAam229AoGALHAQxLc2fXztnZ7g2ftw
+YsjutOSPPf+xBWZBVILYQMdY7Y3bEMIuz0oJqWSnvJ5ZMz09JQwoz9EzM1PL7GJ6
+PVlNNqqWdHtDlFamXS4rUXdsJLbKdoHy51bG1qIc5euYutpSUpKuc4n/g6erz7RD
+iJue+kVzeFjZeLSMFeoN5dQ=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/pcf.crt
+++ b/configs/open5gs/tls/pcf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3BjZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANJDzsbZ910GqsJTS2Z+FKu3KnNHtPUvtJ4/pXdz6b2s9ECm0bPpTofQ
+7N17yvv1GmEoBiCEpoz13q6ZZ/CCW4PLXUTXQzKsB3HVbm7luJA9JziKbXnSrGnp
+SQk97HWN1RYdTKQKi46JaEg8MfyImeopyHQUmYbyg6oJSm/8JyXT9LAil8BJeLgS
+JpOGvhE+Pus1+7XS9hswr/zz/6jiy2i6Cc5AKxF1Qp1qp69/8EMBFPRtxiHkwnQR
+jMS3A7sk8N4z2P6JlRx3uBHvrActS7Q2IAUZHCqGPO+atdWjPpZmDJTTkiBcPBid
+xNBM1efy4xtCbJm3bXQStVgELdXxZwkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUAPQBjYhnG8101VwEMOb7qk7Lix4wHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADjP6PVyrc5X0Av/FvkODQ0f
+9FcVH36olgqHMXH8HMtSaLhWB/NdOoeMfNnrZKlJJe12t05vd1b6c495Xg5bCpCn
+14wjUg/TM4FijXECGl0KT/VvPd+DI6sJiDgJB6wwVQoujY8c8k3inPoRBmPY56C6
+6UeD+NA3rUKnCas2yKq+eR2l+U48nfN9Sxdj5/LAQeY6CEaKKAdLZoN5YyxzZfTZ
+esG7mPpj5c7+oF2SBk7NEf+3yT8aZ2Uy20GXwLnQYk9d92AWUtBywe1LXgJxY3Yi
+snDuwEymRteXODzjMp6JXsCUwZ7e2e2QvTdDASx1QREidr9z/ddcpnXQWwQncHA=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/pcf.csr
+++ b/configs/open5gs/tls/pcf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPcGNmLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kPOxtn3XQaqwlNLZn4Uq7cqc0e09S+0
+nj+ld3Ppvaz0QKbRs+lOh9Ds3XvK+/UaYSgGIISmjPXerpln8IJbg8tdRNdDMqwH
+cdVubuW4kD0nOIptedKsaelJCT3sdY3VFh1MpAqLjoloSDwx/IiZ6inIdBSZhvKD
+qglKb/wnJdP0sCKXwEl4uBImk4a+ET4+6zX7tdL2GzCv/PP/qOLLaLoJzkArEXVC
+nWqnr3/wQwEU9G3GIeTCdBGMxLcDuyTw3jPY/omVHHe4Ee+sBy1LtDYgBRkcKoY8
+75q11aM+lmYMlNOSIFw8GJ3E0EzV5/LjG0JsmbdtdBK1WAQt1fFnCQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBACom4xjdCg4uDodIeninSNXwaOFK4g3zI6aIDyi2
+FhBxDcutDAAJHnXTOxVNWHan09UiYUeCRlh22NXfOXTAkR2cWDDizIGlcw7IUPal
+5+AqgyoBqZ1sD51+oDkZArZad07HbaBgkHoCDBDnGcWC7E6tpd1MniVuv5xPGp+g
+TIEKR9wEiHsUEePON9rrIqntgvpq8LpHVv9+BDdn6AEbkAim0U/IvHcmCjIzwp+8
+N2iFBuqngt/P/v/A0/eL06qqWIpVuVpBIYDdd6JrMMM3QWcATiFTVX19Dpov0dRN
+2iR9zsWC2Z/NYPQzGoJyKees7prTXpOyS/s8LLMTAKGnxdY=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/pcf.key
+++ b/configs/open5gs/tls/pcf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSQ87G2fddBqrC
+U0tmfhSrtypzR7T1L7SeP6V3c+m9rPRAptGz6U6H0Ozde8r79RphKAYghKaM9d6u
+mWfwgluDy11E10MyrAdx1W5u5biQPSc4im150qxp6UkJPex1jdUWHUykCouOiWhI
+PDH8iJnqKch0FJmG8oOqCUpv/Ccl0/SwIpfASXi4EiaThr4RPj7rNfu10vYbMK/8
+8/+o4stougnOQCsRdUKdaqevf/BDART0bcYh5MJ0EYzEtwO7JPDeM9j+iZUcd7gR
+76wHLUu0NiAFGRwqhjzvmrXVoz6WZgyU05IgXDwYncTQTNXn8uMbQmyZt210ErVY
+BC3V8WcJAgMBAAECggEAEobL/ORuscEpIZcyQRUh4CFy+ZZbYPEzom/sNfK+KSrI
+mLu6JXaMp1Xm0Psb3whxKxdaNtpJTIlLdinpKR1rT9kG3k5zSs8ylrqeEOJn2Tmy
+L36u97ly3KAkAc71e0Qkft7VBm0xb702tYqsQtqMaUAGPAgmoOfUZxKLfwOCNYhn
+FvD76Qvv2jOwO0UvDzrlOdDsLiDPqYGR+4VhJOGEBVzZnQeQswbhTEj9JTBNc6Dn
+Gvh5ZxhaV82yxpB8J0JVWESb3w6KDnDpCskW8IVznjr4D2hxjQRjDXx4IMcWtCVg
+BnEknKR74uSaKZza5jwGf6XwoA1YlkCNbEmGeZn8yQKBgQDlFGx/KkSNIeDOUuFQ
+9la4jBjBf0RQkost9h10SVgk7UhnUOdhAzd8gygAdL8opesoVyY2lbIhv62iH+94
+5Eoh0mLT9siKjR/d56wyQRccrjoHLt91GnD6qKeGO0hbI5QeeKbdDrbCgzEpm385
+u0HYLhlkM+bpPnMDaai5wgnPpQKBgQDq+Vx2K9lNHN/Gdz7vq0xn/oGeiT0EWQAl
+nGD9E03f1QYsSA0DqX3MWJ+7rmXHxZcT4HC1DNcgpG27mEnIVxw3n3JoPWaY5DKd
+BXvQEA+SaNfXj+nEQft/mFgVGmadhnS8IgTk3obAQXVWXrgV/0xO4YaQH4D/08Zp
+eeWr7neclQKBgBceZoy24VA0+REZgC/BjKL3UJBGnchb4bvzuKlBtamUYNg8a/14
+a6MfQWw6XAhoJkFd+jdMCDwrsgRIoMxcjba4Gs01fKuu7mZguRohQ4nbc3PCIT8a
+Ogix+KYtWXIJNyuUFZL9pygeQVnnnYFgCpccn+di7Yzgho7znNmSYZcZAoGASOpi
+r+UBhLVuF5dPd24vwqGutXSe86durT0ut7ny03+2b61YJIfHGs9xmfsPaIO/UxK1
+xukaJO4Bg1JJqxqlDfmztfc/zDgcIK/f8Pva6TMRr7nf7+AN3FV5F+teZomf1fW0
+kRUgua5WbBvughz8IApKCJVOIZUlH/wMsmLIyVUCgYBL9vzRI1RliwBWZRRHGuuX
+Eg2x3GUvIAMbA7Yfpd08VCkxPGrNtPjb+nPbV5zHf0lSrKsBzCtgy6WAulhUGTBw
+tfcU//wg+1MDb7OY3ZBy0+8e0FDfS674DnD4YT7E+RoEqSrNPJ7v+Z1+LjkQPU/k
+58Nf0K4LaLiLah5T6dNIeA==
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/pcrf.crt
+++ b/configs/open5gs/tls/pcrf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEsxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX
+BgNVBAMMEHBjcmYubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDMiA6Y/1qYyV3CMfVer498oPZNlnjciFECal71JbgigzvUUAIXT5tx
+KQUWKTjeyhbCGHMekwuyyUoljo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4B
+BRM+pHxXr71h51lXffH6l+wt1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl
+5Ca/5FaDcty6H4ixE1O3+dRHPmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEH
+X3VbPkBOwFOHNq44WHYzZNj0CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FI
+qOeJue5TzhqsldDZ75qhmvpRn7Kn+hz5AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD
+VR0OBBYEFGyP1+kC3lw5HoXa6O9i41J/tZZqMB8GA1UdIwQYMBaAFLFq+pyZvAQq
+Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBkZI1BdcoRFyQGCb5AhiXc
+Su7MlrdPBACUvXqF4R1OeNUAa6dwlFVINxZmrFYrJ2MCo+4KBURXEBjugLloWGTP
+ChsM7eRoFniCQChWkEjoaTe8wDIWYSyZ6tBfiDgdM87uP4rbK9HO7C5lByj9QtAz
+OHYbkv5NEi5j+S0i9et9jjXoHjtqBRnlzF3lSWc461CkJA1Dgv6jldY+ozhxJlPq
+ZWvLc+8B44pgsQYkwpsg3CFESNAUa02h7qynswdmaB4AtPON13qjPzZxuawVco6K
+Fuy68CkHwwUTk3Qq2Nd5DLE5yOstiUOpJJ5qlQy0Fkp2SG+FEC9Rlfbl9Eh/Yxua
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/pcrf.csr
+++ b/configs/open5gs/tls/pcrf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQcGNyZi5sb2NhbGRvbWFpbjELMAkGA1UE
+BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyIDpj/WpjJXcIx9V6vj3yg9k2WeNyI
+UQJqXvUluCKDO9RQAhdPm3EpBRYpON7KFsIYcx6TC7LJSiWOjqMwihgUvmbUMpLo
+ZX2ZCA6GPZCkMQ3jgUVabgEFEz6kfFevvWHnWVd98fqX7C3U7tjvqiTZkjEHy/NR
+R8rOZ6DrBRCe1Liha7NkIeXkJr/kVoNy3LofiLETU7f51Ec+ZtP5patnB6RnKs5d
+ic53iM2Un2bPxJNcs/6YQQdfdVs+QE7AU4c2rjhYdjNk2PQISNWCFZa2x7RPlXdB
+aW5jGIGYkXer2xY17puf0Uio54m57lPOGqyV0NnvmqGa+lGfsqf6HPkCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQAmSA4jedvdB8xQrrEr5eJwAiBv72vu6t0okW/v
+80cLid140/stZSNHdJ7dXlXWhyWfCxS6dMVuXhYBgRCucwVpMjU2CX/ukhzT0JQW
+kTrdWCsrqzHnD/ukGQXA1fvaMHTLUzcBe/CznS/H3pVkSjdtiENZhxZwghigI0dP
+hePe2O2GmhKXCl+mtD08Wo9cD5NuDj937Wa0x9JHsjsoKxBRVvdmOXBrAZ+8p2k1
+nwwadBpUpGLbMDS19CMGOXjRpITE1lhXFDn1xtQRAM0eYE93jLzUE+i+o90CR24Q
+g21BL9lz3emPLDHgKB1PXdp2azdfd+cyVzDVGrzEFdFoqxNT
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/pcrf.key
+++ b/configs/open5gs/tls/pcrf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMiA6Y/1qYyV3C
+MfVer498oPZNlnjciFECal71JbgigzvUUAIXT5txKQUWKTjeyhbCGHMekwuyyUol
+jo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4BBRM+pHxXr71h51lXffH6l+wt
+1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl5Ca/5FaDcty6H4ixE1O3+dRH
+PmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEHX3VbPkBOwFOHNq44WHYzZNj0
+CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FIqOeJue5TzhqsldDZ75qhmvpR
+n7Kn+hz5AgMBAAECggEAAyK73I8fp7OAnztOWHkHEWFTXV2m9TSWz1troMUHBWpv
+JqJiYdKb3riDBjO0FkBRaIDg9PFKrt9Epn5AxBI4r8VTpPZwXw22jp4jwDtBIuBN
+izm3b+WCxbu6740shdihJeja1wtMhCvDmHFJByTnfiCiy+MjdpPCrsKK1q37uiU6
+NwQM96hwi6TYTX/i2FcTgB8TtPmy0hKiN5pUdWYGNq8xjNAKarNptELveOkTDmCc
+dlpqS+4ii5BrADrNDjuP7FS4KnBn45vEB+y13OAPrY2TvbfQDBI4i5HdCVw3zo0c
+NOf+TpJykg+Cxa/WqutX8im/3X8K8WymkcfdZ1I0QQKBgQDdadXvCrJNz8j5o2OU
+ClCvkFnPoCiySCT19/RN6C45C/LiWi67OxcD1kr3uWMjblPwXoyrfZnxjraOpeaM
+fVXnzNbqD+Rnre5/YskvU5hcgoKrAMSgcwa2wc/DKPrgj83PWaxrxLKCguPIh6zk
+DTvAFsx13SBQuRQwiAVyJY6KIQKBgQDsex/TndN4+kxdPhZMENExoqZ9wBvLFuvq
+q6ODTSDw/yahPlmAAuqyIYq3NY8Qdi4IEKnna6wVVBtZU313TADVntIKT+1xsdHp
+SLKChdFggqdUXIS1/FOCosoWCaFHe0jM/YVxn+QpooZLWtEjTofxGbfEiQf+sKPV
+KDED5wn2QKBgQCM/wazMLaXAojTIA8biO4UvvHSXAVOcs7Gq92xdvdocIl9RzyX
+Emv3j5Ex66aMO4fMfAlMc7GCuATdFhyYvn/kGveJGhGzTHmiOUAwmSVfU+TuDJEq
+M9XEr+skNoZ8VlcTgeFgx2N95Og1HOEmYJ76Fgqhy+z2OsX2mcgOBoicwQKBgEah
+R5I201CQwXof7xzs8O44PC3W0PZJdFD0zrOKt8oDCxChxK19MYfeiMXLk11BTuJN
+x9E80XrVUg3N5+1Xn/AtrWIzGSIaEC3y7o4ZVb3TiBKkR2brZC3iXSVT3v2wjr/b
+AJ49OTJOPnoHN+upquSR39ctblvdejGQPsQQPX2RAoGBAMPEbxnbW+4ueDqDLjZa
+Sycio+MO8wPtsBL6g0sg80zduoBLPb0djCSiqYCTEgwtkYG9oQtKYvEycvb8h1qB
+9TrLpwWTl/k1ERmjME94Kf0IJZU9KInq5zmIKAn0iIdoHjSWK78JiOMb9pw2A44V
+RmU/iXW95u9YMWPrtijdc/9y
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/scp.crt
+++ b/configs/open5gs/tls/scp.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NjcC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ34VbJi6C7XISkQdq0pKXcTITsG8w41IxlFm4nuglYyDWsdQJf4+sGO
+I+E6E8b0LVDkUljh4cRD3ZTZy/MlBC2EHIi1zP0ZRDzl6Av9qVUhCkQ5bviPmvUe
+fQp63Suo4MzdzhbAipzsEC/zFDdjtjHKziV16zxjzpWoR9Qhr8YzLWT4t2wxJVP8
+lOlgAdkWYPDW6/PAz9PNmJ0xuhtMC04Ia+RHxFi4xeH4umBcp2cHbdup8fW+sI4Q
+RSg6449FiL4XlElggMpNlixcvNE6umzCAS5rJj2FIODd1i4J7JJjbs2nxZWJQTj5
+B5mpvFr5UlkKAxNVDfEC1jNzkS7ttscCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUGcbPg++D5U187URxcjqTsqmmAogwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAD3hPDcxv6j4n92UC/+XSsLQ
+cR0gZH454Y52Tocee1MgbQeDQauJAVtu4A79reBDmL8pVF14auBzLqLdyBTxAfOn
+4hcbw9OjxF/eKeNvYXL4tNu4KzZOoZuUiM78wnvJQObRp+30/dIUHt5B2nuKdStI
+kHgQrUXMuvJBCzmDKqiyDkkY8gN6/no6LzHQcpC7KiAhhQZ9s6IIgg8ulVqgeLXd
+Ia7Jit1Abm68+JDifwof3IGF6fzjxmWNzifxlVSgbMWMOnmgIVXojZrS2ofiJ2es
+VvLkGvyeCQtUV0NuGNS5QHyKN68mfDNRbk7A5gcr4ga9YzXHc9aQ5VJZyDvax3I=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/scp.csr
+++ b/configs/open5gs/tls/scp.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc2NwLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfhVsmLoLtchKRB2rSkpdxMhOwbzDjUj
+GUWbie6CVjINax1Al/j6wY4j4ToTxvQtUORSWOHhxEPdlNnL8yUELYQciLXM/RlE
+POXoC/2pVSEKRDlu+I+a9R59CnrdK6jgzN3OFsCKnOwQL/MUN2O2McrOJXXrPGPO
+lahH1CGvxjMtZPi3bDElU/yU6WAB2RZg8Nbr88DP082YnTG6G0wLTghr5EfEWLjF
+4fi6YFynZwdt26nx9b6wjhBFKDrjj0WIvheUSWCAyk2WLFy80Tq6bMIBLmsmPYUg
+4N3WLgnskmNuzafFlYlBOPkHmam8WvlSWQoDE1UN8QLWM3ORLu22xwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAFRCjdAFXqzb4Hb9ssaABrW9nDwO+ZTGiMeQg122
+RJ8TiH0jq3qurRdq6owPDJiqVVNklCdba93fB9TRqXf3E8RKswp9JfM3OfVdpgT6
+gYoQcJOVsY1iyDbC/RQZvDGprAF/zUI/7+Lgb41CHU3rd2XOVgZtJf3NeBHV2ZmH
+VMnPW8t2KSxtDiCNuAePfFnmUfSYZfTqpyswO5nO+qyfazyH1teLKcnjrHi5yCXD
+r32l1W7sP46pQukJjLgEKQA+ekA7pTmqENJLY9a01yY42N/ZB35fXNuxeJNS0I8Q
+Zo4AoFwBWINSTiOF4/n1OSIctmkxc/51dKNLWu3kZSOholA=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/scp.key
+++ b/configs/open5gs/tls/scp.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd+FWyYugu1yEp
+EHatKSl3EyE7BvMONSMZRZuJ7oJWMg1rHUCX+PrBjiPhOhPG9C1Q5FJY4eHEQ92U
+2cvzJQQthByItcz9GUQ85egL/alVIQpEOW74j5r1Hn0Ket0rqODM3c4WwIqc7BAv
+8xQ3Y7Yxys4ldes8Y86VqEfUIa/GMy1k+LdsMSVT/JTpYAHZFmDw1uvzwM/TzZid
+MbobTAtOCGvkR8RYuMXh+LpgXKdnB23bqfH1vrCOEEUoOuOPRYi+F5RJYIDKTZYs
+XLzROrpswgEuayY9hSDg3dYuCeySY27Np8WViUE4+QeZqbxa+VJZCgMTVQ3xAtYz
+c5Eu7bbHAgMBAAECggEAFJLs2lxeYAddxsLhqgDT6THBILZxfna2OQrjTI4XRJGl
+RL+dE432XrIcAy/0tnND2aa7AN9+b3jlSYcqNGMsTZ9IthdzeL1LMWFCHRmu7art
+cuBGDzJo3KbZYz2IQ7DtglEbD8SI6RIns48FoYcnigmfWqqmdgmLtNsja8HtajM4
+nF9CZQvGkpM5DxXm5K6OigkZ9JKHkvw3a3uglH5uNTmf5UqMSktQQUks996lNlcF
+ncjJeagOazWk5suG/fR8y7jrf2JrhcKwuYSg8jEFwf/ykAKuy0SNHU1TfF0ply9w
+84HvMScv2nRsdB3cT0J2yfGhV1+y6S1tCkA1EhOWCQKBgQDY7V65kKaFJhyZDIrT
+vZoJMCWfYAYe9It64LLuGl+K2b7HQWMa8AONy8PV1NPIoMzX+AKmfvo7Yt6WL4tW
+lNdmQIcVPYnoPfGW+9si6ajByQuaLMYzFKXYsMmazNuIxgx/+4x7U4NJmtHxKhyW
+izy8M0D2GY5wPQqKDYD5Ew2MDwKBgQC6bGsTVoUp3RyQfuH8zCCavOjJCk36pyYX
+U7NToCNaDzA4j69NiDY3AQi4qjLN+qIuNh7WLi9VUubwaqiwVvzBiKe4AfVPlh2R
+cOtXJZxCmZ0pcsSsMvv5JbQVLbmOTU5OVUBx1IosakXFyPbX0+HlRTCXQWV9/WGU
+Rk1PvmZRyQKBgBApp3wmBfI3w7u3joR2RQrYNoVobyxRRi8ynMJW3rWGwcsw2QSB
+y5H+E6pUAC+bo4eX6AKlxVk1ZaZFBpm930q0FhyECElwjBaWz14LkNJXe3DSUzYt
+HKpHic3p45WORBIpGO97anXKfkf8vkKNP0o6e2Waw90i/y0IEor8W28LAoGBALQZ
+nfBWu9tP5BKsogKp6i3Tp0jiDafD54bNtAdsQ/rzhXB/T6qll0rYUuakduSL6Dag
+znW4tL3Hk5hcUo/Z2eHW9cFNEwNKUVJ7NsFAco/c+/pZCCwcLVXr2OhE/mi9wpLm
+xZWy8bIrETEdD2w/JJNsnp7h7P0k1yp6KKKLnSoRAoGAEZOB+A1EGllcsEMX23jZ
+SfECJntHZomP1GvstLvaQNlSC5lDmT6KO7Rw2RNEDJPyfelO/A17CICpDGU2NndC
+hI4zzywqqsLfCaYpPz1CD/BzP4ugyXM8W/kP4w8hSlHdqgyNi+iWqeBzsrZXtHLT
+4XJt75eQQ48u+NWkaQ4kLY4=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/smf.crt
+++ b/configs/open5gs/tls/smf.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3NtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMrZsOPjIlGG8FptBo7fdxaEKusuBoQEfSV/8KoQovMca1yn3SEiFNdv
+dDG2RusBCzZ6K/bjTieYpkUuTH5nTPQiz0MRM0ErlxUXKrosZ8aalRNajveq3fgR
+K7pa1tnS4iEArMwtr1Fgj4jA5B48pOQrS5vmx8w5JCaPXJ9HPjTwdFubXSfMT9fT
+qcP/E9Z13zfhDZ1TStz0hYIanQZlp2BTJJgZQJ5kJsdEsp5Ect+t3ZVwDxT90iFo
+1X96dR/xf0DEKHxmybrahhmePvzEETgz03McVEUVBdQMMvDnqyXicLNzLJICY0Yw
+KzGeAg9Lh3PVjUnx/ctGdp8BCJRRkS0CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQU6p4PokOU3iROPZzUmvS88xnI/QcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACpTSu1iB2ZWmTrR6zvnn57p
+xuE7udN7M52yG58N5k+f9cwXwmvvo//VK5AkJLqc/qBERwOC1yUQPTotBq8K0dF7
+Gx+zyG7o24GjZYgJvqIADEE0pWLTN6GkkYTzYXQwfv9kPDpAWbXl2bsYoY8610ce
+rRCQE7FkGuITR5mqKbJbvMSAwiH7gZ5yjjWXaUB1b6zzXiPOvME23IewgnddB3Ab
+zkGqgYO2qCcelkE5ciFl75d+DovfMXQDU1qGV6s0NTEqIWy5BnYj2jKoJJp2zKfE
+nOhyty5eh08CrH3PbYjmU5pNP7/ibG0oVJR5xLx5SWlPCbkEImcOwUH1cCoxEbU=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/smf.csr
+++ b/configs/open5gs/tls/smf.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc21mLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytmw4+MiUYbwWm0Gjt93FoQq6y4GhAR9
+JX/wqhCi8xxrXKfdISIU1290MbZG6wELNnor9uNOJ5imRS5MfmdM9CLPQxEzQSuX
+FRcquixnxpqVE1qO96rd+BErulrW2dLiIQCszC2vUWCPiMDkHjyk5CtLm+bHzDkk
+Jo9cn0c+NPB0W5tdJ8xP19Opw/8T1nXfN+ENnVNK3PSFghqdBmWnYFMkmBlAnmQm
+x0SynkRy363dlXAPFP3SIWjVf3p1H/F/QMQofGbJutqGGZ4+/MQRODPTcxxURRUF
+1Awy8OerJeJws3MskgJjRjArMZ4CD0uHc9WNSfH9y0Z2nwEIlFGRLQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAL883rfAD6ZTH1sxq7vdKax9V7R01o8b7IdQcV7M
+nwZx0wIH4ZGef6LwUXfWa07X8DxlySPxiMwRitkKWtJ1D63AgsfUhi9UOHj6IWjW
+skMVn/uczTq7eIZIjICftHVVvYd7HteMYxDLrLwWCSCE8P+UIE23eHrY391QOXjY
+J3OUXb2kvNK2snEvAL3h+tULePFsUqZix08c+L2DtjFmb2xAia/jte3Qii8nj3et
+9fw6Xl2yjM/fJ+pTwPXlmALvfzSxCFyBLdMAkuB/DeXeMsAEB6Z8S25lFEA3H6CD
+F27mGEVKeSrH2c9O24N34vToOZ1PM5rU9dEVD71Zj107sG4=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/smf.key
+++ b/configs/open5gs/tls/smf.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK2bDj4yJRhvBa
+bQaO33cWhCrrLgaEBH0lf/CqEKLzHGtcp90hIhTXb3QxtkbrAQs2eiv2404nmKZF
+Lkx+Z0z0Is9DETNBK5cVFyq6LGfGmpUTWo73qt34ESu6WtbZ0uIhAKzMLa9RYI+I
+wOQePKTkK0ub5sfMOSQmj1yfRz408HRbm10nzE/X06nD/xPWdd834Q2dU0rc9IWC
+Gp0GZadgUySYGUCeZCbHRLKeRHLfrd2VcA8U/dIhaNV/enUf8X9AxCh8Zsm62oYZ
+nj78xBE4M9NzHFRFFQXUDDLw56sl4nCzcyySAmNGMCsxngIPS4dz1Y1J8f3LRnaf
+AQiUUZEtAgMBAAECggEADlqgK0gPziAT0vpDDAohFa1Nki3EFURyDJzEjWw286gP
+qtNQEP+l5ObEnJ3u38NHpVe407Qa/C9PmLahgBJUPjRWYUMO0u5ANyRYCCuLPmEC
+6ocudbUYFu00IHA8ItbK3JX9JEeZT9Na5Mztd3xIGMM9iu8mNTvX5Iihf73dV4aK
+AtD1L5fCGckEJ0Va/xLta0sjdxLSYMIzacIpn9gdK7DXf9DL/eTACrf1U2ZAMQRr
+plKeri4OFBjMBy68kdpPF5ZyQwj1Plx6E2Dm0eNzsdF1zSkP75BYbi3OaIJR77Xk
+jp9lQvkP74e2ItzYJn9sGWhwAW2AiQt1zn+7v5eGEQKBgQDSajh8jMvFt93GgCqR
+OTGR2s4k4jp2XvcEWnJJax3ksqiGHMhlvCQDV/39saTcLUvc+bymtMc5Tws2ewaS
+LstUeBh/GrEMn8tQH7TXns+rq62I+CwSYzYqu2/uHBHkk1nXrTBxQ4LE/l4a6ZyT
+eVHr/x4iy9KMF3WhTBJytQJfFQKBgQD2y+7s1Hh7r+THSgo1CBZRtlw0CuA5EOgM
+iuglkU2cbx8q/XdXb9u6sLfldHGu3E18TYUJqPTrc3PVSEEA948qJ527PZh3VxRg
+L64M7gt+g1MqyZvuRYzTZOMBcJNJpfJSnP4mPY+o2L7mNpAS2Twe2K9/zuIWyChy
+g6xbVw4vuQKBgQCOGWQKYP9giHqCip20s35RdQYQjKNUu29whjB2epuWjj0XTSrc
+4cEkbPE/ug+PDhwUoKeRobaFcmctJMpcQLPaWLyaYgk9cFDazH7RuxOeaPNp88e3
+pz62fxzpHhXLWuOqrvBvHVub8/jTjf7K7XywtvrAHwwSxekPxBMVWj6+vQKBgHWS
+H4d5jNA3skByeDxdVuykeHZefAUTlchr4D4NY7DTi0CasWDZLA9bIrBP8dyAnPVL
+pMY+VDdar+L6YeVJCk3lw5GwvVKVDGLqM/t658TkYRlwJDW1smn+lNpZvAEI6lEK
+81RaXXbtkrvvYGFqVebICYtUjoaV4hbzvYdiCKMZAoGBAIFv6AMnXaWHoO4Qpnch
+FCSBNckhzajPmmZ1fskWR95d9ArmrJUaA0KKMqno767zVkrDzm2fw4+q12Ba1xRe
+J2KW1M12IPfZtNwSfQPYs4wej0VGScbOWve9qpA3WrLv08W63MXz7XRpeg5ZnzG/
+3bZZLfqZIBdQR9/f9ibP1h98
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/testclient.crt
+++ b/configs/open5gs/tls/testclient.crt
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RjbGllbnQubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/2SPBDa9KE9rRuKHp2ZNNm8X+Jgl34tocbcYiWm3I7+je
+NPOiUIB6TpuP0gkwbzfhqbRdO59EmAsGjtjonwC2mTxDLWflfAUVUEGUml3b9ESf
+ZUtMWh1qBBme99DL9kqqNWaXVL9xAX/yLWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7
+iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7sk0jrZH9feOCEbNeYGa12TloDh05RzU9
+RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ/iS9pPEwgqsquBRoQTClzVGzbs5Ttpzi
+ZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZoG/fUy+VAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFEegxvp7oDrpJfd4LDD4LSGouPVnMB8GA1UdIwQYMBaAFLFq
+pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQAPDVSwdX8u25Pd
+a7UNANFAf87AurQKsaeLpKu1AfZZakgu+XQ9W/5fJXCSvuVc3g+JAwxVKZfO3yae
+C7vcLSughlUGbjJyVV4wn9xzbKISWwAXmBEt+pP+vJAcyCyRD2uXZjO89sCFxHmD
+/Oh84m/ygiUAx+u2to55HPjNTZs9wphdyDws1lPUwxj01B84r6QPgTKBpnhOAr96
+xUYNZKAt1ycRXcoi7RNieEZP/r0j92RVA57twMGSDHpCgb7YnCXAS9ptlpHySbOK
+akfqFx04eVilqKGee4NeM4rt7363Fr61H+bjkYjvS//ZS/L5ZrbNAMWmkr94Xkcj
+m1BG0Bwg
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/testclient.csr
+++ b/configs/open5gs/tls/testclient.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdGNsaWVudC5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/ZI8ENr0oT2tG4oenZk02b
+xf4mCXfi2hxtxiJabcjv6N4086JQgHpOm4/SCTBvN+GptF07n0SYCwaO2OifALaZ
+PEMtZ+V8BRVQQZSaXdv0RJ9lS0xaHWoEGZ730Mv2Sqo1ZpdUv3EBf/ItZt1fF9z/
+5m5zeP+5FU7OoYtE6p/D+TuIqZ9m8GNWu3FH/HJFrct+O5M+czfRQDuyTSOtkf19
+44IRs15gZrXZOWgOHTlHNT1GCQEvUAftm+FreI2VfBAuSASmckR56BD+JL2k8TCC
+qyq4FGhBMKXNUbNuzlO2nOJkvmr8d/uwYTbHTS/dco0O9Q+D2TtG9Vmgb99TL5UC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAdqoupSBRB+iFdX3ULgt1sTfqxio9d
+X2avV8mhQt8Ivrgw3/+iggz0y54JS+yL+tfzFu2upxmeemnImkKremt/zwQDhKJC
+2yLtDBDCWIwrdQyoC8V5irUEZNwFjZn/VrZty7lFsAA46HOXPysPJuYEXMQ1JYoV
+VB7N7JdfaFDGDLe7lKsOA/zK3QF1yRvFqdaNyeVP7SZ68K6JzzuP1eakp6BO0pBF
+X8xQc3LlMcMSP+G+IjN5LFp+gRMpxv6BkLHFn3ahN9aUPOJb4np/uEg5Mo6fT+gc
+qNW1NZ9ZkYPWfTV7SmgWfar+tKXjG7TQyLQfTDqMD+VbSZtWQFGLp5T5
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/testclient.key
+++ b/configs/open5gs/tls/testclient.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/2SPBDa9KE9rR
+uKHp2ZNNm8X+Jgl34tocbcYiWm3I7+jeNPOiUIB6TpuP0gkwbzfhqbRdO59EmAsG
+jtjonwC2mTxDLWflfAUVUEGUml3b9ESfZUtMWh1qBBme99DL9kqqNWaXVL9xAX/y
+LWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7
+sk0jrZH9feOCEbNeYGa12TloDh05RzU9RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ
+/iS9pPEwgqsquBRoQTClzVGzbs5TtpziZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZ
+oG/fUy+VAgMBAAECggEABEzMuJsYKp/4d7AR+aYYX1+xB8yDSfuHbyYwZUeOGOLJ
+tHtO2lHqw0hc7mkN2YGl/hSZ7Ty0yeqM1WGLxTuqc4Kf6hM2i4X6A4Yy5hlcpl1a
+prue56/zDf6CstWz9B0J2OKisUcjawLBLaTXXqRZlP5BBF4/CspI9Y/Q6Uh1ks2d
+dkGob3+leeDCLtggVbIE7FqdjmLI4gD9cVYvH39cTvFd3uXYRyjDtGUdbAH5MYsy
+/ji8Y7ZkR+Phas0xYiJBRSKIxsdZzDDRbVDaQJM8DgUOQawtE7aQs+s8+rddR0xH
+WFdQIM51vTNYENVA0BzNY3Es7roBDaeaZbD53y30kQKBgQDLDq2c5OuxS66NaHGH
+UShytecC9ugeKYVALzDen/CM7Wvf/3hJw/bXrzEm+FO0h/Xz7rHBtSfOzwHbQmM/
+FZ4TxGohDhPgqR0bP0vqR9sKE9Kc4K2eRjjncd7wiVBstHMKZysyD3IQtNDJqzqw
+umVFyVy1lWBGLXM+l0IuTjNwRQKBgQDx3kse4lkIxYCFW+ZjJtUs2DzyOy0Ga7BD
+UkRw/tbyzD7kzj3xp9MJAeUz8vaZ+zcqQgjsfhmLMbflCuuNdREWLA17Cpejekmf
+nTu8hxpEEvtESkj0aq55iessUpfLxdPZepKfz/UkDNa+mJus4QILDp/tUnGSvGIA
+v0DV8AT/EQKBgCSR6SyXgec1ZSNsiv2+3RUDs64x/43nFmt/1EJT9cO7wrDd1rEa
+TOt9TtHg6VpbHi2ncHYdhSTW3VO6uhsTbpvKxP5dBbFxY5+Tn7164XUIKuc8A6i8
+puTv+iHB6S0atplKCVqDs5xUpEGdx/0qJLET2dGOLH+XEelU3oNubA8tAoGAbqs7
+Diede5D7LIoPUcD7+6f5wxBmmrB9l2A2JsnESpZAFOt1lnQm8NEoMevzACPdav2K
+HcPZJkKalTe47iHpro57oJgJKGkU9O653Zqn3wwcYnPnC8cgjEYaEE6+XCPpunIG
+Uw+RaGxjehRT7veJust3S9zUUMLXyOW54eoQLzECgYBBTcFVoDIqJY5MSOuQTYri
+lro7YcXk0kvahCSgXzdecU+ajG6+ppHvIje/h7nBZizFfsGsZQj3j9hrmxXxJn4H
+4gSLHSycFGY65G6tBC4eNKi6umBi8rgw+kQ0PtY23ZDoRTdePXYT4OzQaGiGzZhO
+4su2WwkXmgev/Rcan3hj1w==
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/testserver.crt
+++ b/configs/open5gs/tls/testserver.crt
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd
+BgNVBAMMFnRlc3RzZXJ2ZXIubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDK/mRxA7vFDetSR7J58pT+deCpXdjH6rFyebKsPRklq6aq
+P8eLMj3CYG641BHNFoMygnK1SEuPXxoLqVYFOf1aZh+9OdvLPjKB37ZfikzXR5az
+PRvGKOO9bM+lgviZvmgnE2sEVYtoBJAeK+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UO
+sp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wjLd/eFK5rHik57D0N1f1fX7G5+K1jfFu9
+OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2
+C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPaQXiXr6TzAgMBAAGjTTBLMAkGA1UdEwQC
+MAAwHQYDVR0OBBYEFNNWx1Ixb8nBttAAziCdNf5iUfGCMB8GA1UdIwQYMBaAFLFq
+pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQDeFTLtNW8hPvUB
+QOBVZU4kyzOw3v7Y74lug88I92XMagWVV71lLGCzHcQodI7p0ih/3uK9CO+yuhU9
+Wkmimb3oh44wao6+R9qtYF/OdbKLvRZ9y3Fd5y5RiYJNFCuBPLGf/0UwIifP0tcI
+bivpNkB5WByebbhzo7zZXz+pgMMDkLtBfvwNF9JYM6WAdEw/3cYaN6jwtwvA9/2O
+wQ08z1BtuA0Cxjy+7DgFl9b7EQE4q85+TNCyl59x0vO2M9lo01C/APQ8HmCRc8Ax
+YCY7zYz5AqnO3HPnQ6plYbIw1xaLEwNYDZ6sxIpCRP+g+ZDG6A3YW76n019lEm75
+02901MR9
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/testserver.csr
+++ b/configs/open5gs/tls/testserver.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdHNlcnZlci5sb2NhbGRvbWFpbjEL
+MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr+ZHEDu8UN61JHsnnylP51
+4Kld2MfqsXJ5sqw9GSWrpqo/x4syPcJgbrjUEc0WgzKCcrVIS49fGgupVgU5/Vpm
+H70528s+MoHftl+KTNdHlrM9G8Yo471sz6WC+Jm+aCcTawRVi2gEkB4r5ldCQ9RD
+5DdAGx3JlcUq7i5Bm6RbtQ6yn4gZDmC4KL4wCSmkH9PpZu5OXsevvCMt394Urmse
+KTnsPQ3V/V9fsbn4rWN8W706xVgOynd/ssHVCNme0B8Tt2d12YBd0PPcUI+buR4t
+Kt2xhJj1Dm1WoGXnJHMxyrYLgNBfslypYJ+kaObwadziCYPIpXjNk9pBeJevpPMC
+AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQACkHItCrvQWANviVk27ntZE/Ze1/NF
+W8jPeJG3V9Zemwp2QWE530gdhNy717kGJzW0Udvx57By4tS1bORlKDL7ikpPaIm3
+q2YLXzusJ3JXyD2aYoaY+uP6+gt1541aLep8eSQPgG0jJlo8VbbsrPrXj9T15Nsb
+MhDlKDLZhW+JCwp53/IB8Az3s6oCUelwENOTDkmuaksTbo9NX9TJ68ByAtSqroT3
+/jHqvSpD+VVnQcWn6XE6lLNyXcFcQ/jQLKLVbdV+CLPrUORNCyB5Vy7Qxm49g4lB
+H9Cx2fPDBpYw7BlFIrNU9bxLAem2lE2x+H5NbbFoMfi8Bq3q+2MWZg+a
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/testserver.key
+++ b/configs/open5gs/tls/testserver.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDK/mRxA7vFDetS
+R7J58pT+deCpXdjH6rFyebKsPRklq6aqP8eLMj3CYG641BHNFoMygnK1SEuPXxoL
+qVYFOf1aZh+9OdvLPjKB37ZfikzXR5azPRvGKOO9bM+lgviZvmgnE2sEVYtoBJAe
+K+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UOsp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wj
+Ld/eFK5rHik57D0N1f1fX7G5+K1jfFu9OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz
+3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPa
+QXiXr6TzAgMBAAECggEAGwG1EkDJaAJIkcCpMvE+YmEDcUpjj4F0Ie36rVCkT683
+yW8ag189TpGELuyZVlxNkILrc56OiEts9yqMdRM4gkuToxoXWcHIzXTv2g6Cgk0W
+HyWc/tms0aRa4e3RWP8MnfpG4s47cazTEbiMeNp/lLYtntjVYrqm8D2cb6SvP4fu
+kvi7bKLhcd4l9v42oZKF5wZjynUEh+424TNxqI8OTcnT15xoOjauM9aQnbFYB0ON
+tOJ5cO8Pmjbo1wfFsSntC7NrIspaTrlseOl/bK3LadLlb9UHW3GRVwIcIzEYPabU
+PZcTKjzk1nAu1fpHgoCuMequxDaXSSWyDLMqwLfqoQKBgQDtcOHFJHO63SIOrwlG
+OjZiMxKekjVqtbdiN+7h3FBR0+M7EZnyFO7zsfmDaN3k4m3a6idlnn9HvsEilf+K
+Cc+8I0dCeBbZOs/TqVN8ZHB6MqUmtMdGIc1Fau1HYis+d4g1pbQ9tpG0OVa806rR
+AkBwD+/Vm6+8uZKilq+oijSpEwKBgQDa3Dt9LFYOG6gnWHlq7uLIWnA4wHKmgEGL
+AykaZgW2bxIhQa1C+460OQaCwBbBG2NlN7Lt8MXsr48epnSKROfCYIBuqlH3i2CN
+ka+W7pEtnkeEnZSUMb/IF5T868xbYkzXFqJkr17o2MBMbLiM2G79dT/j83MJVc1A
+FecQByNwoQKBgArrdBai9IeVf+l49045gyLFAog0ZSyBKuvjcqMEhNUej4a56oCN
+oeenObhnbD0IhNDaj/FGdsgP58X1bAknJlyaqr5N048t+zzavrIr1FhqV9oN2lRJ
+Xa1hm4P66c43pRYChuWHre/B61FH0sVF+zysHvWN8WkWh73efDmeEYntAoGAMcq1
+Bg9WLLOCGCF6zic3FRnuOhseel7ninbXnRfk6NJwL3y/rGOK3dmzb3/ALYLLpDV9
+0cBbZzOxvelkzihLCd/mmEbLiyP8fXjNl+sCwHwoDTXEncqLtTwYO0pyHcBJdw3B
+OGLlltfpN/nsKq764VMRjAzQ+Si6H4BcJztYhsECgYEAnql7JlJlg/jUOS3hU/sM
+iZ1EY7K8DFjaIOitcPcjbZqH4Ha9922MSGW4hCKMo3ncDdaDKDvrfYd9pgtrSvHd
+vH1vXcVrdzuLPVzvCxlRxQbSZpK6RZT+OF1OTvg9zMu2hemMwyKNxrRmjADwuU/E
+f7etkEMnboFO//fGoMXU5cc=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/udm.crt
+++ b/configs/open5gs/tls/udm.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3VkbS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMnNHwgMDlTfi2x5QMvhdhGzOxCZvboqcrkHrTGkRJtUrxNjddjhSkm3
+KeRKEdcDq/t126t2CAxiYiRprKr9II1o6rq2JUZz7VU0aC9wWnZyWhIf4VIzyhz5
+G5s5cWT7IoJZ/cjmoS89e5cPv34G0jLaqz2m/Kl2zqmVozQRdDuO7Hreh9KgPs92
+kqA6XYy1z+hxUILAjpdVoTwgJm0UchF9Ibgc5+ab1XuaaYzxlYAzwcWcCibFzgGO
+I6+MdTpJISJBHRzkLOsmFyJ2XpH53aRPN51yQDRnPTDfJj4og6FyFWjtIfCeBHBf
+3taz6SPFPHIZhR8OIMt25T4r2bXmS68CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUfzKzBycjEgN97TEqC+0iKaWBdVIwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACQXPgeUMGyWGbGPwr/cg0lC
+SPiIL1s7oZQoNisbTtTqnBHo36xLTGb051o9ZTwd2xTRNJ4ue9/rDnMTK//9+6V5
+FKDOYFqikSmCtzuJFB5Q24KxdUM679feAy7v7BWTGd7LoN0dOgPCHqPT7/daxgYW
+Xaip1lslx5TYNTnhrJAoVfj0VGrSrTqQqCNf3ifQDI0HRuheKC2WM6Ep7E8MyjiT
+kzfsznaWul06geQn7vT4MMTHUNUI49Y2uCCgosD8Xi23Oi8qSiguCeSLcg2ns0p6
+eELtPm1xcTWoJHomDNf150ZW5swFDfE9asAWGeYqONShUp5Zim1agcuGTpp9uaQ=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/udm.csr
+++ b/configs/open5gs/tls/udm.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRtLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc0fCAwOVN+LbHlAy+F2EbM7EJm9uipy
+uQetMaREm1SvE2N12OFKSbcp5EoR1wOr+3Xbq3YIDGJiJGmsqv0gjWjqurYlRnPt
+VTRoL3BadnJaEh/hUjPKHPkbmzlxZPsigln9yOahLz17lw+/fgbSMtqrPab8qXbO
+qZWjNBF0O47set6H0qA+z3aSoDpdjLXP6HFQgsCOl1WhPCAmbRRyEX0huBzn5pvV
+e5ppjPGVgDPBxZwKJsXOAY4jr4x1OkkhIkEdHOQs6yYXInZekfndpE83nXJANGc9
+MN8mPiiDoXIVaO0h8J4EcF/e1rPpI8U8chmFHw4gy3blPivZteZLrwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAMN+RIzcc2m7iImxiGpwIitwP8l7XLVYdZhMm90/
+SEDHmmlxebl8Re/nrt/17xKTH7xM+vjvWqieal6MT476Ye3cvk/obR7mv6f5UPoq
+nmOCr9Ov3SaUy0WKEqEShs171NM6+DOLoXaN8oBWYkL8mGL4tP7lKcBTmNlM5Vuu
+Y42XzLa2NO4nkm3cVTJma/hvMw9zNDwbBeH7qgfWDAL4LAC9Ea6RrYgLvgEiiJHm
+J6CkrntvPfemwMguWtt3Roq0MkR3J4vyHgyfIHpJIEM1GLJhXSaEZ3cUPELrIyVs
+ro8vAXGEXaxriKCCQ0BWiCPUN08Tisc9k5AKEe8Yst2M2Qg=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/udm.key
+++ b/configs/open5gs/tls/udm.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJzR8IDA5U34ts
+eUDL4XYRszsQmb26KnK5B60xpESbVK8TY3XY4UpJtynkShHXA6v7ddurdggMYmIk
+aayq/SCNaOq6tiVGc+1VNGgvcFp2cloSH+FSM8oc+RubOXFk+yKCWf3I5qEvPXuX
+D79+BtIy2qs9pvypds6plaM0EXQ7jux63ofSoD7PdpKgOl2Mtc/ocVCCwI6XVaE8
+ICZtFHIRfSG4HOfmm9V7mmmM8ZWAM8HFnAomxc4BjiOvjHU6SSEiQR0c5CzrJhci
+dl6R+d2kTzedckA0Zz0w3yY+KIOhchVo7SHwngRwX97Ws+kjxTxyGYUfDiDLduU+
+K9m15kuvAgMBAAECggEAGPA7bIAo6T4y+bXGVyvGrotKulN1ieMjCFC1i5P0UonV
+lPzOnH3C83cqOycYK00t3MaE3hyZBAbIgB17FCpx8mfL0kUeOCWtZ8ExOuOUmlyp
+WuILs1/pE0mJqtYfeE48xoUegsxVkQP1GQb+MDHhmh1B2j2frcWb5oMyhwW9KnrX
+8yoMUq0J41keGbM4nd6hYY/0mqQL4BffJd/UdLOGL5SupAYTzyELuycktMBbt8EG
+CIlIOsd5ZfD5aLHiM0ZUGnK7URQBIpf//tBw6SBeYmc02CmfaLvqRLvnH9oE47/9
+0vFLDGifUY9vRuX4rBlghmy+/jzCBMRW6Rlbj8LyGQKBgQDb2UXmQ7NiMAuNTb2+
+4498QIi1ReQyyg1ONtMoZ9vXc9CwtFVdLk6JTru2VRvXIwpCWHZGsS9vWtuIk+1p
+QqZYT8lRqX4TEDIjC4MG2XdGCnox4FuKPqyjESwd0O45xqfv45Nbx2NAsNOgm/xg
+oJULFMuVVHMztOcH+6fQamRJxQKBgQDq/B++VMDoXnYyNmhxfSR0NPfeQuCkHlXo
+kfX2cve27yI9mLKXKtNKtwlAAdhSGZ9Hbe2B1mINLpqajKUuoyD0eyNPzZGWiINH
+7BM+oxIMbzRo+o2a7Eyaa12RLJ1b2O2wOPriddwa0ycx3BqTy2mzgRvSzoA9fAPY
+6mHAXp164wKBgE6YJSIFj+qJLIgOg8frSE9uLrFHVCZID2uns+NdBb3HXJLfVSkj
+tdXmfLrZQEOv9inzwAzTqRaRD6yK3bPkrN0jYOA9zKF6B8J5ihT3x2kVs8uC3pbU
+gxkkuXXLTG8BMuZSoEqORFBLJszjFt1gawf0Hje7YhfZE0LKV5rtff7VAoGAMIMg
+opCoytBFopQs99EYJ42P5qjz663/mmYX22tczL2N2h2eMSs8N96V4EsBN+HmSj7d
+m8KAt6v5axLCP2CaOx746U7NUcCZKc4JIxNTdJG4xjuD5IoIPpEP3hrR2dZtK8Z3
+tS0T5c3V96szKXQDPHXZIqpTO15RBQVObQKbjHUCgYEAo6smzS8yppgd4zQaPkIK
+7gRdfvIxXwcmWeVG5GeFIHmSpBsdPVgcwhbsdHoFWLBu1kU4pXsi6Mm8RQqW8GQv
+TqLtQg+8UZwOUcZpwK3ubEJpPst8meVfi5KPQYgeqNHcBjOhllQWobdI1Zh6i76r
+BDBpY0brm19iZHspDFURjjY=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/tls/udr.crt
+++ b/configs/open5gs/tls/udr.crt
@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAkOgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK
+DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMEoxCzAJ
+BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW
+BgNVBAMMD3Vkci5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALS3q+2uJj5htQxIoV5PjCbuUbETFbWunNBpU3n/bs5wtcl1jf/Ez8f+
+4nhN+liNHvInFyxflA9Qu2eL9/+HbZxMXlyFwcHZo82SMa+CQEoFcZQUxtPa7Zo0
+WovYJJH+XMqdFFPMQgq3VRsRkbSJJIRID0Lx1jx3RSIMMCcWTOyrGgIDOySSkNGo
+8CuJ3VzsH5Httj1crrZhypGrY4rgoYO2gsc9KtI4r3hS7hHTjD1C3lDLKJj035Xu
+t8g0rDe4S5DqKJ7WF+z7nIplVuVmj6HWFhW8H16fxNMohmjkHMLL7QIkyCZOYkWY
+rbymCPQGYuBRKajTAoI80yj237vxiFkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV
+HQ4EFgQUoc0vMqJQ773qf3xn5qGb3YTTtDUwHwYDVR0jBBgwFoAUsWr6nJm8BCpC
+iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAFbO+6lgHIhX9tcNDspiO/2d
+BwBVruQuslYNVmKN53IS+Dr1fku49/WDo5WVd59JVV5OStLdXMZoj6103ie12GQ0
+2fTelMDLk/GRBv80OpD8vPnUKRI/uNDjGjAgle6ruMX7LZHmPfoIM4s1yIfYMEOt
+R9F6BmZbRAPQX6OgHsTp6+uaCRIk6nBVJP+eIdVU+IAON7gzJIsiJesm78u+Jmvm
+SdOkSsoW/mHgoDtC5EgwMHYOfuHZPPBZOa5HOFvQPhi7lgFNUVUim2iNBxYoDecF
+J2i3J07fE7mvETfmfiTUfWPqGHSJG9C8zuKvHRWW0rky9Vjjcux69QyUANnyYZU=
+-----END CERTIFICATE-----
--- a/configs/open5gs/tls/udr.csr
+++ b/configs/open5gs/tls/udr.csr
@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRyLmxvY2FsZG9tYWluMQswCQYDVQQG
+EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLer7a4mPmG1DEihXk+MJu5RsRMVta6c
+0GlTef9uznC1yXWN/8TPx/7ieE36WI0e8icXLF+UD1C7Z4v3/4dtnExeXIXBwdmj
+zZIxr4JASgVxlBTG09rtmjRai9gkkf5cyp0UU8xCCrdVGxGRtIkkhEgPQvHWPHdF
+IgwwJxZM7KsaAgM7JJKQ0ajwK4ndXOwfke22PVyutmHKkatjiuChg7aCxz0q0jiv
+eFLuEdOMPULeUMsomPTfle63yDSsN7hLkOoontYX7PucimVW5WaPodYWFbwfXp/E
+0yiGaOQcwsvtAiTIJk5iRZitvKYI9AZi4FEpqNMCgjzTKPbfu/GIWQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAHSvfRFofc40z1H15RtNFs1aISVznyWYueOMcxlN
+kJ6V6SzEhGhDCssGfP3o4/ruO/EKtj01YXJOQHfdU/tNv2ukDlJTOLXx7f3CTrOZ
+U28esxISCbfrMcjHUe46cRc4fO6wW1GyZAB4engShdQLzTCPi+EMp6sodQt1aVV1
+wCs2t7FI35gXoxydTn/AGzW86nmy61XHNHxhSZPAH1cE+ynfN6PI1ApCX71HgsyN
+3bWt1D+hFQ4Q1t0p2W2x3jyXS/1O/7Uxr7Og8Zwvziwb+WvZRSed1dyaR/kdo7pW
+aMLhY/WGaSYY72mV+fXAhhwVW7A0u8EvrRmzpu/pjonsoVE=
+-----END CERTIFICATE REQUEST-----
--- a/configs/open5gs/tls/udr.key
+++ b/configs/open5gs/tls/udr.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0t6vtriY+YbUM
+SKFeT4wm7lGxExW1rpzQaVN5/27OcLXJdY3/xM/H/uJ4TfpYjR7yJxcsX5QPULtn
+i/f/h22cTF5chcHB2aPNkjGvgkBKBXGUFMbT2u2aNFqL2CSR/lzKnRRTzEIKt1Ub
+EZG0iSSESA9C8dY8d0UiDDAnFkzsqxoCAzskkpDRqPArid1c7B+R7bY9XK62YcqR
+q2OK4KGDtoLHPSrSOK94Uu4R04w9Qt5QyyiY9N+V7rfINKw3uEuQ6iie1hfs+5yK
+ZVblZo+h1hYVvB9en8TTKIZo5BzCy+0CJMgmTmJFmK28pgj0BmLgUSmo0wKCPNMo
+9t+78YhZAgMBAAECggEADdVR7jKSl5uZ1OAB5zLaYPgE7ZOvCZ5dP1hSpR/sAtYu
+miZbGWkeuRnOCuS4LTtXMzTSEanazu3QfJmCoS8kES7o2bb86QpwfxnJ3xwOsQPX
+6PyKqDilz7QierovuXOxtWo+/jegVgro0za98yZ80rnj3i1eJ3h/RJ8PeAx9VK/W
+nsE/aoR/AiNmdwyZRStVdsvW98GNdONc8la2Cs9fC71tbeKnL/QFSmgZpVGz606u
+Y3ykNxPgcePFscS+6UR+ML5L34HtZfQV4KCAnEWUO1tXYoLDKM+h7sp03rNoGdQK
+/L3xNd1jI0gcm/t0LFhBuKGrKo1pKwrONwm6LMbRkQKBgQDAep8a46jKwQbbVNnp
+qSxy9l3it/TjbYuLSAuRlz8YXaJSvF/EMmTYtYQ1G4T2exkBN11UeP/tdywD+J/p
+4jEI9UZz9QCjXFyleDZZfScs7SuRfKlZ6ygY+cbKb8T75rO/J/StU4VgNPtKjxzv
+OZEpJwCLsZLkOj7mmqlfwSwaiQKBgQDwW2P9XF2XkcoGyEffQDX0qylekUZ8Zqq9
+UnuWmjLJxD+rbJcQiyMIKxzY5gKw1FtquBMKryfuKHiDRCTO/Sr5V4VjRG13etAN
+WqPWUrjmvlutMZhvwS876wS15hyHkL9Jjbj6F0TvYRIMXTa6yLFMLVNBZFSJzfRH
+aRxnfb9LUQKBgF2S/4i+BxBTGTdGIA6lrTNSrMAM+KQcXIvhAabNJeJ9mu2oINKs
+QTTNwjFjaJe/rp9VwCzSCnHyztY7Z9r3mSkmvRKgmKfSvkO/loSZAJOp1dWMCnTp
+ivvhapB+GADy3o3fKeedxCjKeSR9QO7YSMb97Bj9wlDsNCo+JHul2QApAoGAb5/B
+3BRdUtreHDA/UKsdY7dpywVk2rlDahE4XETYeWOuvgn8Ti6P4mdDSmfnr/+vROyf
+y0J1JOGetjebcJWas5m11NgejnJ21PzXQd3BCUg2g0SZKq1pJkaLNX7cmQjcDWjI
+Ez1jQliubReNJ0m1LU+PbrsNl8ISRGfITTfU80ECgYEAjzlKdEB0GUyDev9yuJWb
+xLPgbtQmIFJ0wcr55R1BrLlOw5nhJvHYUuAqNVwbZyDOcZT6RdC2k1uyybAupPFF
+ZRFFBnGQGGXj2fiPvFyJCVcbT6QhtkvXqBRwbRakJY1FMWCw079VzcoRtt+mcgFu
+u179+NNjjTx63C4ZElNl654=
+-----END PRIVATE KEY-----
--- a/configs/open5gs/udm.yaml.in
+++ b/configs/open5gs/udm.yaml.in
@ -1,34 +1,134 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,udm,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/udm.log
+
 #
-# udm:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udm.key
+      cert: @sysconfdir@/open5gs/tls/udm.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udm.key
+      cert: @sysconfdir@/open5gs/tls/udm.crt
+
+#
+#  <Home Network Public Key>
+#
+#  o Generate the private key as below.
+#    $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
+#    $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
+#
+#  o The private and public keys can be viewed with the command.
+#    The public key is used when creating the SIM.
+#    $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
+#    $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
+#
+#  o Home network public key identifier(PKI) value : 1
+#    Protection scheme identifier : ECIES scheme profile A
+#  udm:
+#    hnet:
+#      - id: 1
+#        scheme: 1
+#        key: /etc/open5gs/hnet/curve25519-1.key
+#
+#  o Home network public key identifier(PKI) value : 2
+#    Protection scheme identifier : ECIES scheme profile B
+#  udm:
+#    hnet:
+#      - id: 2
+#        scheme: 2
+#        key: /etc/open5gs/hnet/secp256r1-2.key
+#
+#  o Home network public key identifier(PKI) value : 3
+#    Protection scheme identifier : ECIES scheme profile A
+#  udm:
+#    hnet:
+#      - id: 3
+#        scheme: 1
+#        key: /etc/open5gs/hnet/curve25519-1.key
+#
+#  o Home network public key identifier(PKI) value : 4
+#    Protection scheme identifier : ECIES scheme profile B
+#  udm:
+#    hnet:
+#      - id: 4
+#        scheme: 2
+#        key: /etc/open5gs/hnet/secp256r1-2.key
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -36,37 +136,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
-#      - tls:
-#          key: udm.key
-#          pem: udm.pem
 #
-#  o SBI Server(https://127.0.0.12:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.12:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
-#        tls:
-#          key: udm.key
-#          pem: udm.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://udm.open5gs.org:80)
+#  o SBI Server(https://udm.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/udm.key
+#      cert: /etc/open5gs/tls/udm.crt
+#  udm:
 #    sbi:
 #      - name: udm.open5gs.org
 #
 #  o SBI Server(http://127.0.0.12:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-udm.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -77,6 +207,10 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      addr: 127.0.0.12
 #      option:
@ -88,9 +222,11 @@ logger:
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  udm:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  udm:
 #    service_name:
 #      - nudm-sdm
 #      - nudm-uecm
@ -100,12 +236,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
 #    sbi:
 #      - addr: 127.0.0.12
 #        port: 7777
@ -120,27 +265,163 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udm:
+#    sbi:
+#      - addr: 127.0.0.12
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 udm:
+    hnet:
+      - id: 1
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-1.key
+      - id: 2
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
+      - id: 3
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-3.key
+      - id: 4
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
+      - id: 5
+        scheme: 1
+        key: @sysconfdir@/open5gs/hnet/curve25519-5.key
+      - id: 6
+        scheme: 2
+        key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
    sbi:
      - addr: 127.0.0.12
        port: 7777

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -155,6 +436,10 @@ udm:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -163,54 +448,58 @@ udm:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/udr.yaml.in
+++ b/configs/open5gs/udr.yaml.in
@ -1,36 +1,93 @@
 db_uri: mongodb://localhost/open5gs

-#
-# logger:
 #
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,udr,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/udr.log
+
 #
-# udr:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udr.key
+      cert: @sysconfdir@/open5gs/tls/udr.crt
+    client:
+      no_tls: true
+      cacert: @sysconfdir@/open5gs/tls/ca.crt
+      key: @sysconfdir@/open5gs/tls/udr.key
+      cert: @sysconfdir@/open5gs/tls/udr.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
@ -38,37 +95,67 @@ logger:
 #        port: 7777
 #
 #  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - tls:
-#          key: udr.key
-#          pem: udr.pem
 #
-#  o SBI Server(https://127.0.0.20:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - addr: 127.0.0.20
-#        tls:
-#          key: udr.key
-#          pem: udr.pem
+#      - addr: 127.0.0.15
 #      - addr: ::1
 #
-#  o SBI Server(http://udr.open5gs.org:80)
-#    sbi:
-#      - name: udr.open5gs.org
+#  o SBI Server(https://bsf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
 #
-#  o SBI Server(http://127.0.0.20:7777)
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/bsf.key
+#      cert: /etc/open5gs/tls/bsf.crt
+#  bsf:
 #    sbi:
-#      - addr: 127.0.0.20
+#      - name: bsf.open5gs.org
+#
+#  o SBI Server(http://127.0.0.15:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
+#    sbi:
+#      - addr: 127.0.0.15
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - dev: eth0
-#        advertise: open5gs-udr.svc.local
+#        advertise: open5gs-bsf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
@ -79,20 +166,27 @@ logger:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  bsf:
 #    sbi:
-#      addr: 127.0.0.20
+#      addr: 127.0.0.15
 #      option:
 #        tcp_nodelay: false
 #        so_linger:
 #          l_onoff: true
 #          l_linger: 10
 #
+#
 #  <NF Service>
 #
 #  o NF Service Name(Default : all NF services available)
+#  udr:
 #    service_name:
 #
 #  o NF Service Name(Only some NF services are available)
+#  udr:
 #    service_name:
 #      - nudr-dr
 #
@ -100,12 +194,21 @@ logger:
 #
 #  o (Default) If you do not set Query Parameter as shown below,
 #
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
 #    sbi:
 #      - addr: 127.0.0.20
 #        port: 7777
 #
 #    - 'service-names' is included.
 #
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
 #    sbi:
 #      - addr: 127.0.0.20
 #        port: 7777
@ -120,27 +223,144 @@ logger:
 #      'service-names' is always included in the URI query parameter.
 #    * That is, 'no_service_names' has no effect.
 #
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#
+#    - Use SCP if SCP avaiable. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  udr:
+#    sbi:
+#      - addr: 127.0.0.20
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 udr:
    sbi:
      - addr: 127.0.0.20
        port: 7777

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
 #  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@ -155,6 +375,10 @@ udr:
 #    - tcp_nodelay : true
 #    - so_linger.l_onoff : false
 #
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      option:
@ -163,62 +387,58 @@ udr:
 #          l_onoff: true
 #          l_linger: 10
 #
-nrf:
-    sbi:
-      - addr:
-          - 127.0.0.10
-          - ::1
-        port: 7777
+#nrf:
+#    sbi:
+#      - addr:
+#          - 127.0.0.10
+#          - ::1
+#        port: 7777

-#
-# parameter:
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
 #    peer: 64
 #
 max:

-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
 #
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
-#  o NF Instance Heartbeat (Disabled)
-#    nf_instance:
-#      heartbeat: 0
-#
-#  o NF Instance Heartbeat (10 seconds)
-#    nf_instance:
-#      heartbeat: 10
-#
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/configs/open5gs/upf.yaml.in
+++ b/configs/open5gs/upf.yaml.in
@ -1,60 +1,72 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,upf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
    file: @localstatedir@/log/open5gs/upf.log

-#
-# upf:
 #
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.7:8805, ::1:8805)
+#  upf:
 #    pfcp:
 #      - addr: 127.0.0.7
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  upf:
 #    pfcp:
 #      name: localhost
 #
 #  o PFCP Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  upf:
 #    pfcp:
 #      addr: 127.0.0.7
 #      option:
 #        so_bindtodevice: vrf-blue
 #
+#  o Provide custom PFCP address to be advertised to SMF in PFCP association
+#      request/respond
+#  upf:
+#    pfcp:
+#      - addr: 0.0.0.0
+#        advertise: open5gs-smf.svc.local
+#
 #  <GTP-U Server>>
 #
 #  o GTP-U Server(127.0.0.7:2152, [::1]:2152)
+#  upf:
 #    gtpu:
 #      - addr: 127.0.0.7
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  upf:
 #    gtpu:
 #      name: localhost
 #
 #  o User Plane IP Resource information
+#  upf:
 #    gtpu:
 #      - addr:
 #        - 127.0.0.7
@ -70,20 +82,24 @@ logger:
 #        source_interface: 1
 #
 #  o Provide custom UPF GTP-U address to be advertised inside NGAP messages
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: 172.24.15.30
 #
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise:
 #        - 127.0.0.1
 #        - ::1
 #
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
 #
+#  upf:
 #    gtpu:
 #      - dev: ens3
 #        advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
@ -91,6 +107,7 @@ logger:
 #  o GTP-U Option (Default)
 #    - so_bindtodevice : NULL
 #
+#  upf:
 #    gtpu:
 #      addr: 127.0.0.7
 #      option:
@ -104,6 +121,7 @@ logger:
 #  o IPv4 Pool
 #    $ sudo ip addr add 10.45.0.1/16 dev ogstun
 #
+#  upf:
 #    subnet:
 #      addr: 10.45.0.1/16
 #
@ -111,6 +129,7 @@ logger:
 #    $ sudo ip addr add 10.45.0.1/16 dev ogstun
 #    $ sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #      - addr: 2001:db8:cafe::1/48
@ -125,6 +144,7 @@ logger:
 #
 #    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@ -138,6 +158,7 @@ logger:
 #  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
 #    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@ -151,6 +172,7 @@ logger:
 #    $ sudo ip addr add 10.46.0.1/16 dev ogstun3
 #    $ sudo ip addr add 2001:db8:babe::1/48 dev ogstun3
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@ -164,6 +186,14 @@ logger:
 #        dnn: ims
 #        dev: ogstun3
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  upf:
+#    metrics:
+#    - addr: 0.0.0.0
+#      port: 9090
+#
 upf:
    pfcp:
      - addr: 127.0.0.7
@ -172,52 +202,56 @@ upf:
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:db8:cafe::1/48
+    metrics:
+      - addr: 127.0.0.7
+        port: 9090

-#
-# smf:
 #
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.4:8805)
-#
+#  smf:
 #    pfcp:
 #      addr: 127.0.0.4
 #
 smf:

-#
-# parameter:
 #
 #  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
+#  parameter:
+#    sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

-#
-# max:
 #
 # o Maximum Number of UE
-#    ue: 1024
+# max:
+#   ue: 1024
+#
 # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
-#    peer: 64
+# max:
+#   peer: 64
 #
 max:

-#
-# time:
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
--- a/Show More
+++ b/Show More