-# Cert service client
+# Cert service client *(deprecated)*
+
+> Deprecated since Istanbul release in favor of Cert Manager certificates
+> (for more details see certServiceK8sExternalProvider submodule).
+
### Project building
```
### Nexus container image
```
-nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
```
### Running local client application as standalone docker container
+CertService API and client must be running in same network.
+
+You need certificate and trust anchors (in JKS format) to connect to CertService API via HTTPS. Information how to generate truststore and keystore files you can find in CertService main README.
+
+To run CertService client as standalone docker container execute following steps:
+
+1. Create file ‘$PWD/client.env’ with environment variables as in example below:
```
-AAFCERT_CLIENT_IMAGE=onap/org.onap.aaf.certservice.aaf-certservice-client
-DOCKER_ENV_FILE= <path to envfile>
-NETWORK_CERT_SERVICE= <docker network of cert service>
-
-docker run --name aaf-certservice-client --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE
-```
-Sample Environment file:
-```aidl
#Client envs
-REQUEST_TIMEOUT=1000
-OUTPUT_PATH=/var/log
+REQUEST_URL=<URL to CertService API>
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
CA_NAME=RA
-#Csr config envs
+OUTPUT_TYPE=P12
+
+#CSR config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
-SANS=example.com:example2.com
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
-KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
-TRUSTSTORE_PASSWORD=secret
+SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
+
+#TLS config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=<password to certServiceClient-keystore.jks>
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-truststore.jks
+TRUSTSTORE_PASSWORD=<password to certServiceClient-truststore.jks>
+```
+2. Run docker container as in following example (API and client must be running in same network):
+```
+docker run \
+--rm \
+--name oomcert-client \
+--env-file <$PWD/client.env (same as in step1)> \
+--network <docker network of cert service> \
+--mount type=bind,src=<path to local host directory where certificate and trust anchor will be created>,dst=<OUTPUT_PATH (same as in step 1)> \
+--volume <local path to keystore in JKS format>:<KEYSTORE_PATH> \
+--volume <local path to truststore in JKS format>:<TRUSTSTORE_PATH> \
+nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
```
+After successful creation of certifications, container exits with exit code 0.
### Logs locally
path:
```
-var/log/onap/aaf/certservice-client/certservice-client.log
+var/log/onap/oom/certservice-client/certservice-client.log
```
### Logs in Docker container
```
-docker logs aaf-certservice-client
+docker logs oom-certservice-client
```
###Exit codes
```
4 Fail in CSR generation
5 CertService HTTP unsuccessful response
6 Internal HTTP Client connection problem
-7 Fail in PKCS12 conversion
+7 Fail in PEM conversion
8 Fail in Private Key to PEM Encoding
9 Wrong TLS configuration
-10 Invalid value of the OUTPUT_TYPE parameter
-11 Certificate creation type is not supported
+10 File could not be created
+99 Application exited abnormally
Code Review / oom / platform / cert-service.git / blobdiff