Access
You must be connected to the WindRiver "pod-onap-01" VPN to gain access to AAF Beijing.
...
This Root Certificate is also available in "truststore" form, ready to be used by Java or other processes in pkcs12 format:
...
- - This Truststore has ONLY the ONAP AAF_RootCA in it.
- truststoreONAPall.jks - This Truststore has the ONAP AAF_RootCA in it PLUS all the Public CA Certs that are in Java 1.8.131 (note: this is in jks format, because the original JAVA truststore was in jks format)
Note: as of Java 8, pkcs12 format is recommended, rather than jks. Java's "keytool" utility provides a conversion for .jks for Java 7 and previous.
...
Applications
# 0 - unique ID - Let's go with this naming convention: a[0-9]{4}[a-z,0-9], meaning the letter "a", followed by 4 digits and a final letter or digit. For ONAP Test, this will be the same as the App Acronym.
# 1 - full name of the App
# 2 - App Acronym
# 3 - App Description, or just "Application"
# 5 - official email - a Distribution list for the Application, or the Email of the Owner
# 6 - type - application
# 7 - reports to: give the Application Owner's Unique ID. Note, this should also be the Owner in AAF Namespace
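
A validator for application identity records laid out as in the field list above, as an added example that is not AAF's own code. The pipe separator, the name `check_app_identity` and the sample records are assumptions; field 4 is not described on this page and is left unchecked.

```python
import re

DELIM = "|"  # assumption: the page does not name the field separator
# The page writes the convention as a[0-9]{4}[a-z,0-9]; read as a regex, that
# class also admits a literal comma, so the stated meaning is encoded instead.
ID_RE = re.compile(r"a[0-9]{4}[a-z0-9]")
EMAIL_RE = re.compile(r"[^@\s|]+@[^@\s|]+\.[^@\s|]+")  # shape check only

def check_app_identity(line, onap_test=False):
    """Return the list of problems found in one application identity record."""
    fields = [f.strip() for f in line.rstrip("\n").split(DELIM)]
    if len(fields) < 8:
        return [f"expected fields 0-7, got {len(fields)} field(s)"]
    # Field 4 is not described on the page, so it is carried but not checked.
    uid, full_name, acronym, descr, _f4, email, kind, reports_to = fields[:8]
    problems = []
    if onap_test:
        # For ONAP Test the unique ID is the same as the App Acronym.
        if not uid or uid != acronym:
            problems.append("field 0: unique ID must equal the App Acronym")
    elif not ID_RE.fullmatch(uid):
        problems.append("field 0: unique ID must be 'a', 4 digits, then a letter or digit")
    for idx, name, value in ((1, "full name", full_name), (2, "App Acronym", acronym),
                             (3, "App Description", descr), (7, "reports to", reports_to)):
        if not value:
            problems.append(f"field {idx}: {name} is empty")
    if not EMAIL_RE.fullmatch(email):
        problems.append("field 5: official email is not a mail address")
    if kind != "application":
        problems.append("field 6: type must be 'application'")
    return problems

# Constructed sample records (not real ONAP identities).
GOOD = "a1234b|Example Portal|expo|Application||expo-owners@example.org|application|jdoe"
COMMA_ID = "a1234,|Example Portal|expo|Application||expo-owners@example.org|application|jdoe"
TEST_ENV = "expo|Example Portal|expo|Application||expo-owners@example.org|application|jdoe"
BROKEN = "a12345|Example Portal|expo|Application||owner|employee|"

if __name__ == "__main__":
    for rec, test_env in ((GOOD, False), (COMMA_ID, False), (TEST_ENV, True), (BROKEN, False)):
        print(rec.split(DELIM)[0], check_app_identity(rec, onap_test=test_env) or "ok")
```
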
...
Application Client-only certificates are not tied to a specific machine. They function just like people, only it is expected that they are used within "keystores" as identity when talking to AAF enabled components.
PLEASE USE your APP NAME IN CI/CD (OOM, etc) in your request. That makes the most sense for identity.
Automation and tracking of Application Certificates will be proposed for Casablanca.
In the meantime, for testing purposes, you may request a certificate from the AAF team; see process.
Application Service
This kind of Certificate must have the Machine Name in the "CN=" position.
AAF supports Automated Certificate Deployment, but this has not been integrated with OOM at this time (April 12, 2018).
- Please request a Manual Certificate, but specify the Machine as well. The Machine should be a name, so you might need to provide your Clients with instructions on adding it to /etc/hosts until ONAP addresses Name Services for ONAP Environments (i.e. DNS).
GUI
https://aaf-onap-beijing-test.osaaf.org
...