summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTony Hansen <tony@att.com>2020-09-01 17:52:12 +0000
committerGerrit Code Review <gerrit@onap.org>2020-09-01 17:52:12 +0000
commit278ba358ba8d22f81a1a5b1b644229bcb21b9147 (patch)
treefe75d76923d7b55f055365527fe6159b52d3e2b2
parent9a7a9312a80e3e074a27c29b573d01fc4ea1c5d1 (diff)
parent0cbaa4e1bb42b19f33356f3e07ee47befe5ce785 (diff)
Merge "Add description related to truststore merger."
-rw-r--r--.gitignore4
-rw-r--r--docs/sections/tls_enablement.rst7
2 files changed, 9 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore
index d72f2138..3bbd4962 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,7 @@
docs/.DS_Store
*.DS_Store
site
+
+# IDEA intellij project files
+.idea/
+*.iml
diff --git a/docs/sections/tls_enablement.rst b/docs/sections/tls_enablement.rst
index ec23f65b..3eb23007 100644
--- a/docs/sections/tls_enablement.rst
+++ b/docs/sections/tls_enablement.rst
@@ -176,6 +176,8 @@ This external TLS support doesn't influence ONAP internal traffic which is prote
* A string (``common_name``) that indicates common name which should be present in certificate. Specific for every blueprint (e.g. dcae-ves-collector for VES).
* A string (``sans``) that indicates list of Subject Alternative Names (SANs) which should be present in certificate. Delimiter - : Should contain common_name value and other FQDNs under which given component is accessible.
+ As a final step of the plugin the generated CMPv2 truststore entries will be appended to AAF CA truststore (see certificate artifacts below).
+
Example
.. code-block:: yaml
@@ -207,6 +209,7 @@ This external TLS support doesn't influence ONAP internal traffic which is prote
* ``keystore.pass``: A text file with a single line that contains the password for the ``keystore.p12`` keystore.
* ``truststore.p12``: A truststore containing the operator certificate. (Needed by clients that access TLS-protected servers in external traffic.)
* ``truststore.pass``: A text file with a single line that contains the password for the ``truststore.p12`` keystore.
- * ``trust.jks``: The AAF CA certificate and private key packaged in Java form.
- * ``trust.pass``: A text file with a single line that contains the password for ``trust.jks`` file.
+ * ``trust.jks``: A file with the AAF CA certificate and CMPv2 certificate with private key packaged in Java form.
+ * ``trust.jks.bak``: The (original) file with the AAF CA certificate only.
+ * ``trust.pass``: A text file with a single line that contains the password for ``trust.jks`` and ``trust.jks.bak`` file.
* ``cacert.pem``: The AAF CA certificate, in PEM form.