...
Components description
CertService
REST API
Method | Endpoint | Parameter name | Parameter required? | Parameter transfer method | Parameter description | Returned value name | Always returned? | Returned value transfer method | Returned value description |
---|---|---|---|---|---|---|---|---|---|
GET | /certificate/{caName} | CA name | Yes | Path parameter | Name of Certificate Authority which should sign sent CSR. Must match CertService's CMPv2 servers configuration. | Certificate chain | Yes | Body (JSON) | Base64 decoded signed certificate with whole certificate chain (intermediate CA certificates). |
GET | /certificate/{caName} | Base64 encoded CSR (Certificate Signing Request) | Yes | Header | Certificate Signing Request for given component | Trusted certificates | Yes | Body (JSON) | Base64 decoded list of trusted certificates. In other words list of root CAs which should be treated as trust anchors. Must contain root CA which was used to sign certificate and may contain other root CAs. |
GET | /certificate/{caName} | Base64 encoded private key | Yes | Header | Private key. Needed to create proof of possession (PoP) | | | | |
OpenAPI
Swagger will be added here
...
CertService's client
CertService's client input properties
Group | Parameter name | ENV variable name | Required | Default | Syntax | Description | Origin |
---|---|---|---|---|---|---|---|
 | Url | REQUEST_URL | No | http(s)://cert-service:8080/certificate/ | URL | URL to Cert Service. Default value will be aligned with ONAP K8s deployment (Cert Service's K8s service name and port). Needs to be changed for plain docker deployment. | Application helm chart |
 | Timeout | REQUEST_TIMEOUT | No | 30000 | 0-120000 | Timeout for REST API calls, in milliseconds. A timeout value of zero is interpreted as an infinite timeout. | Application helm chart |
 | Path | OUTPUT_PATH | Yes | | | Path where client will output generated keystore and truststore. Normally this path should be on a volume which is used to transfer keystore and truststore between CertService's client and end component | Application helm chart |
 | CA name | CA_NAME | Yes | | | Name of CA which will enroll certificate. Must be same as configured on server side. Used in REST API calls | OOM global value |
CSR details | Common Name | COMMON_NAME | Yes | | | Common name for which certificate from CMPv2 server should be issued | Application helm chart |
CSR details | Organization | ORGANIZATION | Yes | | | Organization for which certificate from CMPv2 server should be issued | OOM global value |
CSR details | Organization Unit | ORGANIZATION_UNIT | No | Not available in generated certificate | | Organization unit for which certificate from CMPv2 server should be issued | OOM global value |
CSR details | Location | LOCATION | No | Not available in generated certificate | | Location for which certificate from CMPv2 server should be issued | OOM global value |
CSR details | State | STATE | Yes | | | State for which certificate from CMPv2 server should be issued | OOM global value |
CSR details | Country | COUNTRY | Yes | | | Country for which certificate from CMPv2 server should be issued | OOM global value |
CSR details | SANs | SANS | No | Not available in generated certificate | SAN1[:SAN2] | Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued. Colon is used as delimiter | Application helm chart |
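The input properties above can be checked before any request is sent. The following is an added example, not CertService client code: the function name `load_client_config`, the `timeout_seconds` key, the choice of `https` for the default URL and all sample values are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Names, required flags, default timeout and range are taken from the table above.
REQUIRED = ("OUTPUT_PATH", "CA_NAME", "COMMON_NAME", "ORGANIZATION", "STATE", "COUNTRY")
OPTIONAL = ("ORGANIZATION_UNIT", "LOCATION")
# Assumption: the table writes the default as http(s)://...; https is picked here.
DEFAULT_URL = "https://cert-service:8080/certificate/"
DEFAULT_TIMEOUT_MS = "30000"
MAX_TIMEOUT_MS = 120000


def load_client_config(env):
    """Validate a mapping of ENV variables; return a config dict or raise ValueError."""
    errors, cfg = [], {}

    for name in REQUIRED:
        cfg[name] = env.get(name, "").strip()
        if not cfg[name]:
            errors.append(f"{name} is required")
    for name in OPTIONAL:
        cfg[name] = env.get(name, "").strip() or None

    cfg["REQUEST_URL"] = env.get("REQUEST_URL", DEFAULT_URL)
    parsed = urlparse(cfg["REQUEST_URL"])
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        errors.append("REQUEST_URL must be an http(s) URL")

    raw = env.get("REQUEST_TIMEOUT", DEFAULT_TIMEOUT_MS).strip()
    if raw.isascii() and raw.isdigit() and int(raw) <= MAX_TIMEOUT_MS:
        # Zero means an infinite timeout, represented here as None.
        cfg["timeout_seconds"] = int(raw) / 1000 or None
    else:
        errors.append(f"REQUEST_TIMEOUT must be an integer in 0-{MAX_TIMEOUT_MS}")

    # SANS is colon-delimited (SAN1[:SAN2]); an empty element is a malformed list.
    cfg["SANS"] = [s.strip() for s in env["SANS"].split(":")] if env.get("SANS") else []
    if any(not s for s in cfg["SANS"]):
        errors.append("SANS contains an empty entry")

    if errors:
        raise ValueError("; ".join(errors))
    return cfg


if __name__ == "__main__":
    # Constructed sample environment, not taken from a real deployment.
    sample = {"OUTPUT_PATH": "/var/certs", "CA_NAME": "RA", "COMMON_NAME": "app.example.org",
              "ORGANIZATION": "ExampleOrg", "STATE": "California", "COUNTRY": "US",
              "SANS": "app.example.org:app-alt.example.org"}
    print(load_client_config(sample))
```

All problems are collected and reported in a single `ValueError`, so a misconfigured deployment shows every invalid variable at once.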
Results
When CertService's client runs successfully (exitCode = 0), the following artifacts are created:
Other exitCodes:
File interface (names, passwords) should be defined
...