1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2020-2021 NOKIA
6 ***************************************
7 OOM Certification Service Release Notes
8 ***************************************
20 This document provides the release notes for the Istanbul release.
25 Certificate update use case is now available. For details go to:
26 :ref:`How to use instructions<how_to_use_certificate_update>`
31 +--------------------------------------+---------------------------------------------------------------------------------------+
34 +--------------------------------------+---------------------------------------------------------------------------------------+
35 | **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
36 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
37 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
39 +--------------------------------------+---------------------------------------------------------------------------------------+
40 | **Release designation** | Istanbul |
42 +--------------------------------------+---------------------------------------------------------------------------------------+
48 - `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
50 - `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
52 - `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
54 - `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
58 - `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
60 - `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
64 If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
65 The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
72 Docker images mentioned in Release Date section.
74 Documentation Deliverables
75 ~~~~~~~~~~~~~~~~~~~~~~~~~~
77 - :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
79 Known Limitations, Issues and Workarounds
80 -----------------------------------------
85 Any known system limitations.
91 Any known vulnerabilities.
97 Any known workarounds.
103 **Fixed Security Issues**
107 **Known Security Issues**
120 For more information on the ONAP Istanbul release, please see:
123 #. `ONAP Documentation`_
124 #. `ONAP Release Downloads`_
133 This document provides the release notes for the Honolulu release.
138 Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
140 This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
146 +--------------------------------------+---------------------------------------------------------------------------------------+
147 | **Project** | OOM |
149 +--------------------------------------+---------------------------------------------------------------------------------------+
150 | **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
151 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
152 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
153 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
155 +--------------------------------------+---------------------------------------------------------------------------------------+
156 | **Release designation** | Honolulu |
158 +--------------------------------------+---------------------------------------------------------------------------------------+
164 - `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
166 An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
167 During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
169 More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
171 - `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
175 - `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
177 - `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
179 - `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
188 Software Deliverables
189 ~~~~~~~~~~~~~~~~~~~~~
190 Docker images mentioned in Release Date section.
192 Documentation Deliverables
193 ~~~~~~~~~~~~~~~~~~~~~~~~~~
195 - :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
197 Known Limitations, Issues and Workarounds
198 -----------------------------------------
203 Any known system limitations.
206 Known Vulnerabilities
207 ---------------------
209 Any known vulnerabilities.
215 Any known workarounds.
221 **Fixed Security Issues**
225 **Known Security Issues**
238 For more information on the ONAP Honolulu release, please see:
241 #. `ONAP Documentation`_
242 #. `ONAP Release Downloads`_
246 .. _`ONAP Home Page`: https://www.onap.org
247 .. _`ONAP Wiki Page`: https://wiki.onap.org
248 .. _`ONAP Documentation`: https://docs.onap.org
249 .. _`ONAP Release Downloads`: https://git.onap.org