1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2020-2021 NOKIA
6 ***************************************
7 OOM Certification Service Release Notes
8 ***************************************
14 Version: 2.4.0 [not released yet]
15 =================================
20 This document provides the release notes for the Istanbul release.
25 Certificate update use case is now available. For details go to:
26 :ref:`How to use instructions<how_to_use_certificate_update>`
31 +--------------------------------------+---------------------------------------------------------------------------------------+
34 +--------------------------------------+---------------------------------------------------------------------------------------+
35 | **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
36 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
37 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
39 +--------------------------------------+---------------------------------------------------------------------------------------+
40 | **Release designation** | Istanbul |
42 +--------------------------------------+---------------------------------------------------------------------------------------+
48 - `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
50 - `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
52 - `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
54 - `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
58 - `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
60 - `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
71 Docker images mentioned in Release Date section.
73 Documentation Deliverables
74 ~~~~~~~~~~~~~~~~~~~~~~~~~~
76 - :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
78 Known Limitations, Issues and Workarounds
79 -----------------------------------------
84 Any known system limitations.
90 Any known vulnerabilities.
96 Any known workarounds.
102 **Fixed Security Issues**
106 **Known Security Issues**
119 For more information on the ONAP Istanbul release, please see:
122 #. `ONAP Documentation`_
123 #. `ONAP Release Downloads`_
132 This document provides the release notes for the Honolulu release.
137 Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
139 This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
145 +--------------------------------------+---------------------------------------------------------------------------------------+
146 | **Project** | OOM |
148 +--------------------------------------+---------------------------------------------------------------------------------------+
149 | **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
150 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
151 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
152 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
154 +--------------------------------------+---------------------------------------------------------------------------------------+
155 | **Release designation** | Honolulu |
157 +--------------------------------------+---------------------------------------------------------------------------------------+
163 - `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
165 An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
166 During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
168 More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
170 - `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
174 - `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
176 - `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
178 - `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
187 Software Deliverables
188 ~~~~~~~~~~~~~~~~~~~~~
189 Docker images mentioned in Release Date section.
191 Documentation Deliverables
192 ~~~~~~~~~~~~~~~~~~~~~~~~~~
194 - :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
196 Known Limitations, Issues and Workarounds
197 -----------------------------------------
202 Any known system limitations.
205 Known Vulnerabilities
206 ---------------------
208 Any known vulnerabilities.
214 Any known workarounds.
220 **Fixed Security Issues**
224 **Known Security Issues**
237 For more information on the ONAP Honolulu release, please see:
240 #. `ONAP Documentation`_
241 #. `ONAP Release Downloads`_
245 .. _`ONAP Home Page`: https://www.onap.org
246 .. _`ONAP Wiki Page`: https://wiki.onap.org
247 .. _`ONAP Documentation`: https://docs.onap.org
248 .. _`ONAP Release Downloads`: https://git.onap.org