Guilin - Configuration of Certs

This page contains information about the default certs in Policy Agent, as well as how to update/replace them using docker.

Policy Management Service

The Policy Management Service uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a yaml file:
            oran/a1-policy-management/config/application.yaml



There is also Policy Management Service's own cert in the default truststore for mocking purposes and unit-testing (ApplicationTest.java).

The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or docker run command.

Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries:

volumes:
        - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro

        - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro

        - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro

The target paths in the container should not be modified.

Example docker run command for mounting new files (assuming they are located in the current directory):

docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" onap/ccsdk-oran-a1policymanagementservice:1.0.3-SNAPSHOT