From 56f09f3f64b6f8f214fafdbfb1e6ca44ace2962c Mon Sep 17 00:00:00 2001
From: egernug <gerard.nugent@est.tech>
Date: Tue, 31 Mar 2020 11:28:11 +0100
Subject: [PATCH] Adding EJBCA configuration to Documentation

Issue-ID: AAF-1091
Signed-off-by: EmmettCox <emmett.cox@est.tech>
Change-Id: I5ac156d908aabfc5171737b95e2bfcbf0941c9a0
Signed-off-by: egernug <gerard.nugent@est.tech>
---
 docs/sections/configuration.rst | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst
index d49c86bd..1c9c62b5 100644
--- a/docs/sections/configuration.rst
+++ b/docs/sections/configuration.rst
@@ -46,6 +46,36 @@ Certification Service Client image:
   docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE --volume $DOCKER_VOLUME $AAFCERT_CLIENT_IMAGE
 
 
+Configuring EJBCA server for testing
+------------------------------------
+
+To instantiate an EJBCA server for testing purposes with an OOM deployment, cmpv2Enabled and cmpv2Testing have to be changed to true in oom/kubernetes/aaf/values.yaml.
+
+cmpv2Enabled has to be true to enable aaf-cert-service to be instantiated and used with an external Certificate Authority to get certificates for secure communication.
+
+If cmpv2Testing is enabled then an EJBCA test server will be instantiated in the OOM deployment as well, and will come pre-configured with a test CA to request a certificate from.
+
+Currently the recommended mode is single-layer RA mode.
+
+
+Default Values:
+
++---------------------+---------------------------------------------------------------------------------------------------------------------------------+
+|  Name               | Value                                                                                                                           |
++=====================+=================================================================================================================================+
+| Request URL         | http://aaf-ejbca:8080/ejbca/publicweb/cmp/cmpRA                                                                              |
++---------------------+---------------------------------------------------------------------------------------------------------------------------------+
+| Response Type       | PKI Response                                                                                                                    |
++---------------------+---------------------------------------------------------------------------------------------------------------------------------+
+| caMode              | RA                                                                                                                              |
++---------------------+---------------------------------------------------------------------------------------------------------------------------------+
+| alias               | cmpRA                                                                                                                           |
++---------------------+---------------------------------------------------------------------------------------------------------------------------------+
+
+
+If you wish to configure the EJBCA server, you can find Documentation for EJBCA here: https://doc.primekey.com/ejbca/
+
+If you want to understand how CMP works on EJBCA in more detail, you can find Details here: https://download.primekey.com/docs/EJBCA-Enterprise/6_14_0/CMP.html
 
 Init Container for K8s
 ----------------------
-- 
2.16.6