Certificate-based
"""""""""""""""""
| There is an option to enable certificate-based authentication for PRH towards AAI service calls.
-| To achieve this secure flag needs to be turned on in PRH :ref:`configuration<prh_configuration>` :
+| To achieve this secure flag needs to be turned on in PRH :ref:`configuration <prh_configuration>` :
+
+.. code-block:: bash
-.. code-block:: json
security.enableAaiCertAuth=true
DMaaP BC authentication
Certificate-based
""""""""""""""""""
| There is an option to enable certificate-based authentication for PRH towards DMaaP Bus Controller service calls.
-| To achieve this secure flag needs to be turned on in PRH :ref:`configuration<prh_configuration>` :
+| To achieve this secure flag needs to be turned on in PRH :ref:`configuration <prh_configuration>` :
+
+.. code-block:: bash
-.. code-block:: json
--security.enableDmaapCertAuth=true
PRH identity and certificate data
| It's the DCAEGEN2 responsibility to generate certificate for dcae identity and provide it to the collector.
|
| PRH by default expects that the volume ``tls-info`` is being mounted under path ``/opt/app/prh/etc/cert``.
-| It's the component/collector responsibility to provide necessary inputs in Cloudify blueprint to get the volume mounted.
+| It's the component/collector responsibility to provide necessary inputs in Helm charts to get the volume mounted.
| See :doc:`../../tls_enablement` for detailed information.
|
| PRH is using four files from ``tls-info`` DCAE volume (``cert.jks, jks.pass, trust.jks, trust.pass``).
-| Refer :ref:`configuration<prh_configuration>` for proper security attributes settings.
+| Refer :ref:`configuration
<prh_configuration>` for proper security attributes settings.
|
| **IMPORTANT** Even when certificate-based authentication security features are disabled,
| still all security settings needs to be provided in configuration to make PRH service start smoothly.
Code Review / dcaegen2.git / blobdiff