...
Value | Description | Information Included |
---|---|---|
PKIHeader | Contains information common to many PKI messages. |
|
PKIBody | contains message-specific information ie. certificate request message |
|
PKIProtection | contains bits that protect PKImessage (Specifically the iak/rv) |
CertService's client
...
Test code for running cmpv2 client against EJBCA server through unit test
CertService's client
CertService's client properties
Group | Parameter name | ENV parameter name | Required | Default | Syntax | Description | Origin |
---|---|---|---|---|---|---|---|
Timeout | No | 30s | Timeout for REST API calls | Application helm chart | |||
Path | Yes | Path where client will output generated keystore and truststore. Normally this path should be on a volume which is used to transfer keystore and truststore between CertService's client and end component | Application helm chart | ||||
CA name | Yes | Name of CA which will enroll certificate. Must be same as configured on server side. Used in REST API calls | OOM global value | ||||
CSR details | Common Name | Yes | Common name for which certificate from CMPv2 server should be issued | Application helm chart | |||
Organization | Yes | Organization for which certificate from CMPv2 server should be issued | OOM global value | ||||
Organization Unit | No | Organization unit for which certificate from CMPv2 server should be issued | OOM global value | ||||
Location | No | Location for which certificate from CMPv2 server should be issued | OOM global value | ||||
State | Yes | State for which certificate from CMPv2 server should be issued | OOM global value | ||||
Country | Yes | Country for which certificate from CMPv2 server should be issued | OOM global value | ||||
SANs | No | Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued | Application helm chart |
Usage
Cause ONAP is deployed in K8s, CertService's client will be delivered as independent container and should run as init container for end component. Both init container and end component must mount the same volume (persistent or ephemeral) to transfer generated artifacts.
Within you K8s workload add CertService's client as init container.
Make sure you pass as ENV variables all required parameters.
Mount to init container and your application container the same volume.