...

  • Legacy AAF CertMan, which uses the SCEP protocol or its own internal Certificate Authority; mostly used by AT&T and integrated with several ONAP components
  • New CertService, which uses CMPv2 to enroll certificates; integrated with ONAP bordering components to protect external traffic
  • K8s Cert-Manager, which is the OOM way forward to enroll certificates for ONAP components and the de-facto industry standard for K8s-based clouds

It is time to unify them and go forward with just one of them.

...

[Gliffy diagram: cae_cmpv2_certmanager_flow]

Limitations

After a detailed check it was found that K8s Cert-Manager doesn't correctly handle an issuer's response that contains multiple trusted certificates (root CAs). The following community bugs were reported for this:

  1. Add multiple trustedCertEntries to truststores
  2. JKS and PKCS12 Keystores are inconsistent


Future

CertService API enhancements

...