Montreal - Configuration of Certs
This page contains information about the default security certs in A1 Policy Management Service, as well as how to update/replace them using docker.
Policy Management Service
The A1 Policy Management Service uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are set in a YAML file, as shown in Montreal - Component configuration.
The default truststore also contains the Policy Management Service's own cert, for mocking purposes and unit testing (ApplicationTest.java).
The default keystore, truststore, and application.yaml files can be overridden by mounting new files over them, using the "volumes" field in docker-compose or the --volume option of the docker run command. (The target paths in the container should not be modified.)
For docker-compose, assuming that the keystore, truststore, and application.yaml files are located in the same directory as the docker-compose file, the volumes field should have these entries:
Docker volume configuration to change certs / static configuration
volumes:
- ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
- ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
- ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro
Example docker run command for mounting new files (assuming they are located in the current directory):
Sample Docker command
docker run -p 8081:8081 -p 8433:8433 \
  --name=a1policymanagmentservice \
  --network=nonrtric-docker-net \
  --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" \
  --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" \
  --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" \
  onap/ccsdk-oran-a1policymanagementservice:1.6.1
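A pre-flight check for the override mounts described above, as an added example that is not part of the original page or the project's code: it confirms that each of the three documented container paths is mounted exactly once, with the target path unchanged, and read-only as in the docker-compose entries. The function name check_mounts and the sample entries are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Container paths are the ones documented on this page; the function name and
# the sample entries are constructed for this example.
TARGETS="/opt/app/policy-agent/etc/cert/keystore.jks
/opt/app/policy-agent/etc/cert/truststore.jks
/opt/app/policy-agent/config/application.yaml"

# Reads volume specs "host:container[:mode]" on stdin, one per line (a leading
# "- " from a compose list is accepted). Prints one line per finding and
# returns the number of findings (0 = all three overrides mounted read-only).
check_mounts() {
  local specs findings=0 target host cpath mode n
  specs=$(sed -e 's/^[[:space:]]*-\{0,1\}[[:space:]]*//' -e 's/[[:space:]]*$//')
  while IFS= read -r target; do
    n=$(printf '%s\n' "$specs" | awk -F: -v t="$target" '$2 == t { c++ } END { print c + 0 }')
    if [ "$n" -eq 0 ]; then
      echo "MISSING $target (built-in default stays in use)"
      findings=$((findings + 1))
    elif [ "$n" -gt 1 ]; then
      echo "DUPLICATE $target (mounted $n times)"
      findings=$((findings + 1))
    fi
  done <<EOF
$TARGETS
EOF
  while IFS=: read -r host cpath mode; do
    [ -n "$host" ] || continue
    if ! printf '%s\n' "$TARGETS" | grep -qxF -- "$cpath"; then
      case "$cpath" in /opt/app/policy-agent/*)
        echo "WRONG-TARGET $cpath (container path must not be changed)"
        findings=$((findings + 1)) ;;
      esac
    elif [ "$mode" != "ro" ]; then
      echo "WRITABLE $cpath (append :ro)"
      findings=$((findings + 1))
    fi
  done <<EOF
$specs
EOF
  return "$findings"
}

# Constructed sample: the three mounts written without a mode suffix.
SAMPLE="./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks
./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks
./new_application.yaml:/opt/app/policy-agent/config/application.yaml"
printf '%s\n' "$SAMPLE" | check_mounts || echo "findings: $?"
```

Feed it the entries from the volumes field, or the host:container values passed to --volume with the surrounding quotes removed.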