diff options
| author |   RehanRaza <muhammad.rehan.raza@est.tech> | 2020-08-03 15:56:03 +0200 |
|---|---|---|
| committer | RehanRaza <muhammad.rehan.raza@est.tech> | 2020-08-04 11:35:30 +0200 |
| commit | 0e3740a9011f59e18b0e65230d1ba61ec6ab8ba6 (patch) | |
| tree | 5cb4cccc06d0295a47044c9fba94f5f85e74fef6 /a1-policy-management/config/README | |
| parent | 5a2cc540766299ac4fabcdf29aecabf9df71bc9d (diff) | |
Add seed code for A1 policy management service
Change-Id: I4925a613a85b182aab6d78dafd55ec333acba49d
Issue-ID: CCSDK-2617
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
Diffstat (limited to 'a1-policy-management/config/README')
| -rw-r--r-- | a1-policy-management/config/README | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/a1-policy-management/config/README b/a1-policy-management/config/README new file mode 100644 index 00000000..b54a6751 --- /dev/null +++ b/a1-policy-management/config/README @@ -0,0 +1,42 @@ +The keystore.jks and truststore.jks files are created by using the following commands (note that this is an example): + +1) Create a CA certificate and a private key: + +openssl genrsa -des3 -out CA-key.pem 2048 +openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem + +2) Create a keystore with a private key entry that is signed by the CA: + +keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent +keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent +openssl x509 -req -days 365 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem +keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent +keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent + + +3) Create a trust store containing the CA cert (to trust all certs signed by the CA): + +keytool -genkeypair -alias not_used -keyalg RSA -keysize 2048 -keystore truststore.jks -validity 3650 -storepass policy_agent +keytool -importcert -alias ca_cert -file CA-cert.pem -keystore truststore.jks -trustcacerts -storepass policy_agent + + +4) Command for listing of the contents of jks files, examples: +keytool -list -v -keystore keystore.jks -storepass policy_agent +keytool -list -v -keystore truststore.jks -storepass policy_agent + +## License + +ONAP : ccsdk oran +Copyright (C) 2020 Nordix Foundation. All rights reserved. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + |