...
- Legacy AAF CertMan which uses SCEP protocol or own internal Certificate Authority - mostly used by AT&T and integrated with several ONAP components
- New CertService which uses CMPv2 to enroll certificates - integrated with ONAP bordering components to protect external traffic
- K8s Cert-Manager which is OOM way forward to enroll certificates for ONAP components and de-facto industry standard for K8s based clouds
It is time to unify them and use forward just one of them.
...
| Gliffy | |||||||
|---|---|---|---|---|---|---|---|
|
Limitations
After detailed check found out that K8s Cert-Manager doesn't correctly handle issuer's response which contains multiple trusted certificates, aka root CAs. For that following community bugs were reported:
Future
CertService API enhancements
...