--mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \
--volume `pwd`/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks \
--volume `pwd`/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks \
- onap/org.onap.oom.platform.cert-service.oom-certservice-client:latest
+ nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
stop-backend:
@echo "##### Stop Cert Service #####"
Project consists of four submodules:
1. oom-certservice-api
-2. oom-certservice-client
+2. *deprecated (no longer built)* oom-certservice-client
3. oom-certservice-post-processor
4. oom-certservice-k8s-external-provider
```
### Running Docker containers from docker-compose with EJBCA
-Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client
-Build docker images locally before running docker compose command.
+Docker-compose uses a local image of certservice-api and make run-client uses a released image of certservice-client
+Build certservice-api docker image locally before running docker compose command.
```
1. Build local images
make build
-# Cert service client
+# Cert service client *(deprecated)*
+
+> Deprecated since Istanbul release in favor of Cert Manager certificates
+> (for more details see certServiceK8sExternalProvider submodule).
+
### Project building
```
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+ ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
#Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
#ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+ caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+ ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
<modules>
<module>certService</module>
- <module>certServiceClient</module>
<module>certServicePostProcessor</module>
<module>certServiceK8sExternalProvider</module>
</modules>