summaryrefslogtreecommitdiffstats
path: root/a1-policy-management/config/README
diff options
context:
space:
mode:
authorRehanRaza <muhammad.rehan.raza@est.tech>2020-08-03 15:56:03 +0200
committerRehanRaza <muhammad.rehan.raza@est.tech>2020-08-04 11:35:30 +0200
commit0e3740a9011f59e18b0e65230d1ba61ec6ab8ba6 (patch)
tree5cb4cccc06d0295a47044c9fba94f5f85e74fef6 /a1-policy-management/config/README
parent5a2cc540766299ac4fabcdf29aecabf9df71bc9d (diff)
Add seed code for A1 policy management service
Change-Id: I4925a613a85b182aab6d78dafd55ec333acba49d Issue-ID: CCSDK-2617 Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
Diffstat (limited to 'a1-policy-management/config/README')
-rw-r--r--a1-policy-management/config/README42
1 files changed, 42 insertions, 0 deletions
diff --git a/a1-policy-management/config/README b/a1-policy-management/config/README
new file mode 100644
index 00000000..b54a6751
--- /dev/null
+++ b/a1-policy-management/config/README
@@ -0,0 +1,42 @@
+The keystore.jks and truststore.jks files are created by using the following commands (note that this is an example):
+
+1) Create a CA certificate and a private key:
+
+openssl genrsa -des3 -out CA-key.pem 2048
+openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
+
+2) Create a keystore with a private key entry that is signed by the CA:
+
+keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent
+keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent
+openssl x509 -req -days 365 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem
+keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent
+keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent
+
+
+3) Create a trust store containing the CA cert (to trust all certs signed by the CA):
+
+keytool -genkeypair -alias not_used -keyalg RSA -keysize 2048 -keystore truststore.jks -validity 3650 -storepass policy_agent
+keytool -importcert -alias ca_cert -file CA-cert.pem -keystore truststore.jks -trustcacerts -storepass policy_agent
+
+
+4) Command for listing of the contents of jks files, examples:
+keytool -list -v -keystore keystore.jks -storepass policy_agent
+keytool -list -v -keystore truststore.jks -storepass policy_agent
+
+## License
+
+ONAP : ccsdk oran
+Copyright (C) 2020 Nordix Foundation. All rights reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+