.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020 NOKIA

Standalone docker container
---------------------------

Certification Service Client image::

    nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest

1. Create a file with the environment variables, as in the example below::

    REQUEST_URL=http://aaf-cert-service:8080/v1/certificate/
    OUTPUT_PATH=/var/certs
    ORGANIZATION=Linux-Foundation
    ORGANIZATION_UNIT=ONAP
    LOCATION=San-Francisco
    SANS=test.onap.org:onap.com

2. Run the docker container with the environment file and the docker network (the API and the client must be running in the same network)::

    AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
    DOCKER_ENV_FILE="<path to environment file>"
    NETWORK_CERT_SERVICE="<docker network of cert service>"
    DOCKER_VOLUME="<absolute path to local dir>:<output path>"

    docker run --env-file "$DOCKER_ENV_FILE" --network "$NETWORK_CERT_SERVICE" --volume "$DOCKER_VOLUME" "$AAFCERT_CLIENT_IMAGE"

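A pre-flight check for the two steps above, as an added example that is not part of the original ONAP documentation or client. It verifies that the env file carries the variables shown in step 1, that no value contains quote characters (``docker run --env-file`` passes values through verbatim), and that the container side of the volume mapping equals ``OUTPUT_PATH``. The function names are hypothetical, and treating each ``SANS`` entry as a DNS name is an assumption drawn from the sample values.

```shell
#!/bin/sh
# Added example: pre-flight check for the client's env file and --volume value.
# Function names and messages are hypothetical, not part of the ONAP client.

problems=0
flag() { echo "$1"; problems=$((problems + 1)); }

# env_value FILE KEY: print the value assigned to KEY (last assignment wins).
env_value() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_client_env ENV_FILE VOLUME_SPEC
# Prints one line per problem; the return status is the number of problems.
check_client_env() {
    env_file=$1
    host_dir=${2%%:*}
    container_dir=${2#*:}
    container_dir=${container_dir%%:*}   # drop a trailing :ro / :rw option
    problems=0

    # Variable names taken from the sample env file on this page.
    for key in REQUEST_URL OUTPUT_PATH ORGANIZATION ORGANIZATION_UNIT LOCATION SANS; do
        [ -n "$(env_value "$env_file" "$key")" ] || flag "missing or empty: $key"
    done

    # docker run --env-file passes values through verbatim, so quotes copied
    # from a shell script become part of the value the client receives.
    if grep -qE "^[A-Z_]+=.*[\"']" "$env_file"; then
        flag "quote character inside a value"
    fi

    # The client writes to OUTPUT_PATH inside the container; the files reach
    # the host only if the volume's container side is that same directory.
    out=$(env_value "$env_file" OUTPUT_PATH)
    [ "$out" = "$container_dir" ] || flag "volume mounts '$container_dir', OUTPUT_PATH is '$out'"
    case $host_dir in /*) ;; *) flag "host directory is not absolute: '$host_dir'" ;; esac

    # SANS is colon-separated, as in SANS=test.onap.org:onap.com. Treating each
    # entry as a DNS name is an assumption based on that sample.
    dns='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
    while IFS= read -r san; do
        printf '%s\n' "$san" | grep -qE "$dns" || flag "SANS entry is not a DNS name: '$san'"
    done <<EOF
$(env_value "$env_file" SANS | tr ':' '\n')
EOF
    return "$problems"
}
```

Call it as ``check_client_env "$DOCKER_ENV_FILE" "$DOCKER_VOLUME"`` before ``docker run``; a zero status means no problems were found.
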
Configuring EJBCA server for testing
------------------------------------

To instantiate an EJBCA server for testing purposes with an OOM deployment, ``cmpv2Enabled`` and ``cmpv2Testing`` have to be changed to true in ``oom/kubernetes/aaf/values.yaml``.

``cmpv2Enabled`` has to be true to enable aaf-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication.

If ``cmpv2Testing`` is enabled then an EJBCA test server will be instantiated in the OOM deployment as well, and will come pre-configured with a test CA to request a certificate from.

Currently the recommended mode is single-layer RA mode.

+---------------+-------------------------------------------------+
| Request URL   | http://aaf-ejbca:8080/ejbca/publicweb/cmp/cmpRA |
+---------------+-------------------------------------------------+
| Response Type | PKI Response                                    |
+---------------+-------------------------------------------------+

If you wish to configure the EJBCA server, you can find the EJBCA documentation here: https://doc.primekey.com/ejbca/

If you want to understand how CMP works on EJBCA in more detail, you can find details here: https://download.primekey.com/docs/EJBCA-Enterprise/6_14_0/CMP.html

Init Container for K8s
----------------------

::

    - mountPath: /var/certs  # CERTS CAN BE FOUND IN THIS DIRECTORY
    # ...
    - name: cert-service-client
      image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
      imagePullPolicy: Always
    # ...
      value: http://aaf-cert-service:8080/v1/certificate/
    - name: REQUEST_TIMEOUT
    # ...
      value: Linux-Foundation
    - name: ORGANIZATION_UNIT
    # ...
      value: test.onap.org:onap.com
    # ...
    - mountPath: /var/certs