From e59bd6b738d22192d8dd56755f80e41ac4d5eef5 Mon Sep 17 00:00:00 2001 From: Adam Wudzinski Date: Wed, 22 Apr 2020 11:24:24 +0200 Subject: [PATCH] Add mTLS certificates generation documentation Signed-off-by: Adam Wudzinski Issue-ID: AAF-1091 Change-Id: I69199e98a50c2e18be7b45bf6097842459247d6e --- docs/sections/configuration.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index baf2d4ac..c71d28ce 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst 
@@ -175,6 +175,34 @@ Dynamic: curl -I https://localhost:$HTTPS_PORT/reload --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +Generating certificates for CertService and CertService Client +-------------------------------------------------------------- +CertService and CertService client use mutual TLS for communication. Certificates are generated using Makefile. + +Local: +^^^^^^ + +Certificates are mounted to containers by docker volumes: + + - CertService volumes are defined in certservice/docker-compose.yaml + - CertClient volumes are defined in certservice/Makefile + +All certificates are stored in *certservice/certs* directory. To recreate certificates go to *certservice/certs* directory and execute:: + + make clear all + +This will clear existing certs and generate new ones. + +OOM: +^^^^ + +Certificates are stored in secrets, which are mounted to pods as volumes. Both secrets are stored in *kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml*. +Secrets take certificates from *kubernetes/aaf/charts/aaf-cert-service/resources* directory. Certificates are generated automatically during building(using Make) OOM repository. + +*kubernetes/aaf/charts/aaf-cert-service/Makefile* is similar to the one stored in certservice repository. It actually generates certificates. +This Makefile is executed by *kubernetes/aaf/Makefile*, which is automatically executed during OOM build. + + Configuring EJBCA server for testing ------------------------------------ -- 2.16.6
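Review bot: The new "Generating certificates" section says "Certificates are generated using Makefile" without saying which one; since the Local subsection later sends the reader to the *certservice/certs* directory for `make clear all`, the opening sentence should name that Makefile (and the OOM subsection's *kubernetes/aaf/charts/aaf-cert-service/Makefile*) so the two paths are not confused. Two smaller points in the same hunk: the naming switches between "CertService client" and "CertClient" in adjacent lines, and "during building(using Make) OOM repository" should read "during the OOM repository build (using Make)". Since both subsections state that the certificates reach the services only through mounted volumes (docker volumes locally, secrets mounted as volumes in OOM), it would help to add one sentence after "This will clear existing certs and generate new ones." noting that running containers or pods must be restarted or redeployed to pick up regenerated certificates, and to state whether the generated material under *certservice/certs* and the chart's *resources* directory is intended for local testing only or must be regenerated for a real deployment.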