...

| Value | Description | Information Included |
|---|---|---|
| PKIHeader | Contains information common to many PKI messages. | SenderDN; IssuerDN; ProtectionAlgorithm (used for PKIProtection below) |
| PKIBody | Contains message-specific information, i.e. the certificate request message. | CertificateRequestMessage, which includes: SubjectDN, IssuerDN, SubjectPublicKey |
| PKIProtection | Contains bits that protect the PKIMessage (specifically the IAK/RV). | |

CertService's client

...


Test code for running the CMPv2 client against an EJBCA server through a unit test




CertService's client

CertService's client properties

| Group | Parameter name | ENV parameter name | Required | Default | Syntax | Description | Origin |
|---|---|---|---|---|---|---|---|
| | Timeout | | No | 30s | | Timeout for REST API calls | Application helm chart |
| | Path | | Yes | | | Path where client will output generated keystore and truststore. Normally this path should be on a volume which is used to transfer keystore and truststore between CertService's client and end component | Application helm chart |
| | CA name | | Yes | | | Name of CA which will enroll certificate. Must be same as configured on server side. Used in REST API calls | OOM global value |
| CSR details | Common Name | | Yes | | | Common name for which certificate from CMPv2 server should be issued | Application helm chart |
| CSR details | Organization | | Yes | | | Organization for which certificate from CMPv2 server should be issued | OOM global value |
| CSR details | Organization Unit | | No | | | Organization unit for which certificate from CMPv2 server should be issued | OOM global value |
| CSR details | Location | | No | | | Location for which certificate from CMPv2 server should be issued | OOM global value |
| CSR details | State | | Yes | | | State for which certificate from CMPv2 server should be issued | OOM global value |
| CSR details | Country | | Yes | | | Country for which certificate from CMPv2 server should be issued | OOM global value |
| CSR details | SANs | | No | | | Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued | Application helm chart |


Usage

Because ONAP is deployed in K8s, CertService's client will be delivered as an independent container and should run as an init container for the end component. Both the init container and the end component must mount the same volume (persistent or ephemeral) to transfer the generated artifacts.

Within your K8s workload, add CertService's client as an init container.

Make sure you pass all required parameters as ENV variables.

Mount the same volume to the init container and your application container.
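
The three steps above as one Pod manifest. This is an added example, not taken from the ONAP charts: the image references, the ENV variable names (this page does not list them) and all values are placeholders or assumptions, and only the parameters marked as required in the table are set. Mounting the volume read-only in the application container is a choice made in this example.

```yaml
# Added example. Image names, ENV names and values are placeholders/assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: end-component                 # placeholder name
spec:
  volumes:
    - name: certs                     # shared volume (ephemeral in this example)
      emptyDir: {}
  initContainers:
    - name: certservice-client
      image: registry.example/certservice-client:TAG   # placeholder image
      env:                            # ENV names assumed, values constructed
        - name: OUTPUT_PATH           # "Path" in the table
          value: /var/certs
        - name: CA_NAME               # must match the CA configured on the server side
          value: EXAMPLE_CA
        - name: COMMON_NAME
          value: end-component.example.org
        - name: ORGANIZATION
          value: Example Org
        - name: STATE
          value: Example State
        - name: COUNTRY
          value: US
      volumeMounts:
        - name: certs
          mountPath: /var/certs       # same directory as OUTPUT_PATH
  containers:
    - name: app
      image: registry.example/end-component:TAG        # placeholder image
      volumeMounts:
        - name: certs                 # same volume as the init container
          mountPath: /etc/app/certs
          readOnly: true              # the application only reads the keystore and truststore
```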