1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2020-2021 NOKIA
6 ***************************************
7 OOM Certification Service Release Notes
8 ***************************************
13 This document provides the release notes for the Honolulu release.
18 Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
20 This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
26 +--------------------------------------+---------------------------------------------------------------------------------------+
29 +--------------------------------------+---------------------------------------------------------------------------------------+
30 | **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
31 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
32 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
33 | | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
35 +--------------------------------------+---------------------------------------------------------------------------------------+
36 | **Release designation** | Honolulu |
38 +--------------------------------------+---------------------------------------------------------------------------------------+
44 - `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
46 An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
47 During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
49 More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
51 - `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
55 - `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
57 - `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
59 - `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
70 Docker images mentioned in Release Date section.
72 Documentation Deliverables
73 ~~~~~~~~~~~~~~~~~~~~~~~~~~
75 - :doc:`CMPv2 certificate provider description <cmpv2-cert-provider>`
77 Known Limitations, Issues and Workarounds
78 =========================================
83 Any known system limitations.
89 Any known vulnerabilities.
95 Any known workarounds.
101 **Fixed Security Issues**
105 **Known Security Issues**
118 For more information on the ONAP Honolulu release, please see:
121 #. `ONAP Documentation`_
122 #. `ONAP Release Downloads`_
126 .. _`ONAP Home Page`: https://www.onap.org
127 .. _`ONAP Wiki Page`: https://wiki.onap.org
128 .. _`ONAP Documentation`: https://docs.onap.org
129 .. _`ONAP Release Downloads`: https://git.onap.org