From 56f09f3f64b6f8f214fafdbfb1e6ca44ace2962c Mon Sep 17 00:00:00 2001 From: egernug Date: Tue, 31 Mar 2020 11:28:11 +0100 Subject: [PATCH] Adding EJBCA configuration to Documentation Issue-ID: AAF-1091 Signed-off-by: EmmettCox Change-Id: I5ac156d908aabfc5171737b95e2bfcbf0941c9a0 Signed-off-by: egernug --- docs/sections/configuration.rst | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index d49c86bd..1c9c62b5 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -46,6 +46,36 @@ Certification Service Client image: docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE --volume $DOCKER_VOLUME $AAFCERT_CLIENT_IMAGE +Configuring EJBCA server for testing +------------------------------------ + +To instantiate an EJBCA server for testing purposes with an OOM deployment, cmpv2Enabled and cmpv2Testing have to be changed to true in oom/kubernetes/aaf/values.yaml. + +cmpv2Enabled has to be true to enable aaf-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication. + +If cmpv2Testing is enabled then an EJBCA test server will be instantiated in the OOM deployment as well, and will come pre-configured with a test CA to request a certificate from. + +Currently the recommended mode is single-layer RA mode. + + +Default Values: + ++---------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| Name | Value | ++=====================+=================================================================================================================================+ +| Request URL | http://aaf-ejbca:8080/ejbca/publicweb/cmp/cmpRA | ++---------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| Response Type | PKI Response | ++---------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| caMode | RA | ++---------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| alias | cmpRA | ++---------------------+---------------------------------------------------------------------------------------------------------------------------------+ + + +If you wish to configure the EJBCA server, you can find Documentation for EJBCA here: https://doc.primekey.com/ejbca/ + +If you want to understand how CMP works on EJBCA in more detail, you can find Details here: https://download.primekey.com/docs/EJBCA-Enterprise/6_14_0/CMP.html Init Container for K8s ---------------------- -- 2.16.6