Versions Compared

Old Version 5

changes.mady.by.user David Farrelly

Saved on

compared with

New Version 6

changes.mady.by.user Vijay Kumar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

DCAE has generalized process of certificate distribution as documented here - https://docs.onap.org/en/latest/submodules/dcaegen2.git/docs/sections/tls_enablement.html


Generation of AAF based certificate

Note: Check validity of cert is at least 1 year from date of generation

Request Access to AAF test instance:

  • Create a task ticket with components name “Multi-geo LAB” on ONAP OPENLABS JIRA requesting access to POD-ONAP-01 and OpenVPN credentials. 
  • Assign the ticket to Stephen Gooch (stephen.gooch@windriver.com)

...

Now you are finished with the AAF gui.

Translation of the generated certificate into TLS container artifacts

Once you have updated the certificate on the AAF gui, you can create the required artifacts. 

...

These artifacts must be uploaded to the TLS Container repo https://git.onap.org/dcaegen2/deployments/tree/tls-init-container/tls

Blueprint updates

Once the updated artifacts have been placed in the TLS Container repo, you will need to update your components blueprint by adding a new node_template, the cert_directory parameter is the location on your container in which you expect to find the certificates

Code Block
languageyml
tls_info:
  cert_directory: '/opt/app/component-name/etc/cert/'
  use_tls: true


Current SAN Listing

 

config-binding-service, config-binding-service.onap, config-binding-service.onap.svc.cluster.local, dcae-cloudify-manager, dcae-cloudify-manager.onap, dcae-cloudify-manager.onap.svc.cluster.local, dcae-tca-analytics, dcae-tca-analytics.onap, dcae-tca-analytics.onap.svc.cluster.local, dcae-ves-collector, dcae-ves-collector.onap, dcae-ves-collector.onap.svc.cluster.local, deployment-handler, deployment-handler.onap, deployment-handler.onap.svc.cluster.local, holmes-engine-mgmt, holmes-engine-mgmt.onap, holmes-engine-mgmt.onap.svc.cluster.local, holmes-rule-mgmt, holmes-rules-mgmt.onap, holmes-rules-mgmt.onap.svc.cluster.local, inventory, inventory.onap, inventory.onap.svc.cluster.local, policy-handler, policy-handler.onap, policy-handler.onap.svc.cluster.local,dcae-hv-ves-collector, dcae-hv-ves-collector.onap, dcae-hv-ves-collector.onap.svc.cluster.local, dcae-prh, dcae-prh.onap, dcae-prh.onap.svc.cluster.local, dcae-datafile-collector, dcae-datafile-collector.onap, dcae-datafile-collector.onap.svc.cluster.local, dcae-pm-mapper, dcae-pm-mapper.onap, dcae-pm-mapper.onap.svc.cluster.local