author: andrzejszukuc <andrzej.szukuc@nokia.com> 2018-11-28 18:09:37 +0100
committer: andrzejszukuc <andrzej.szukuc@nokia.com> 2018-11-28 18:39:37 +0100
commit: 96e029e6796dd96324d8abd9a5dfc569d0976fc5
tree: ff1198d97ddace2f3fe8ffaee2758a5f2fde535f /docs/sections/services
parent: ab471f670461483cf8f8aeaa12064afd00fbabfd
Adding docs for TLS mutual authentication in VES.
Issue-ID: DCAEGEN2-959
Change-Id: Iad5c4c02635579d0e4310d2e92bd3b56fa81d547
Signed-off-by: ANDRZEJ SZUKUC <andrzej.szukuc@nokia.com>
Diffstat (limited to 'docs/sections/services')
-rw-r--r-- docs/sections/services/ves-http/index.rst 2
-rw-r--r-- docs/sections/services/ves-http/tls-authentication.rst 20
2 files changed, 21 insertions, 1 deletions
diff --git a/docs/sections/services/ves-http/index.rst b/docs/sections/services/ves-http/index.rst
index 48b91d8c..e1edb4b6 100644
--- a/docs/sections/services/ves-http/index.rst
+++ b/docs/sections/services/ves-http/index.rst
@@ -23,7 +23,7 @@ VES Collector (HTTP) overview and functions
./configuration.rst
./delivery.rst
./installation.rst
-
+ ./tls-authentication.rst
API reference
^^^^^^^^^^^^^
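Review bot: The blank line that separated the last toctree entry from the "API reference" title is removed here and replaced by the new ./tls-authentication.rst entry, so the title now follows the entry directly. reStructuredText needs a blank line to end the directive content before a section title. Keep the blank line and add the new entry above it; otherwise the heading risks being read as part of the toctree body and the docs build may warn or lose the section.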
diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst
new file mode 100644
index 00000000..b3cbafdf
--- /dev/null
+++ b/docs/sections/services/ves-http/tls-authentication.rst
@@ -0,0 +1,20 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+Certificates as authentication method for PNFs/VNFs
+===================================================
+
+VES supports mutual TLS authentication via X.509 certificates. If VES is deployed via docker image then VES configuration can be modified by editing */opt/app/VESCollector/etc/collector.properties* which is present on the docker container. VES detects changes made to the mentioned file automatically and restarts the application.
+
+The authentication can be enabled by *collector.service.secure.clientauth* property. When *collector.service.secure.clientauth=1* VES uses additional properties:
+
+ * *collector.truststore.file.location* - a path to jks trust store containing certificates of clients or certificate authorities
+ * *collector.truststore.passwordfile* - a path to file containing password for the trust store
+
+Of course, mutual TLS authentication requires also server certificates, so following properties have to be set to valid values:
+
+ * *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake
+ * *collector.keystore.passwordfile* - a path to file containing a password for the key store
+ * *collector.keystore.alias* - a name of a certificate from a key store which VES will use during TLS handshake
+
+Property *header.authflag=1* may by used along *collector.service.secure.clientauth=1* in order to enable mutual TLS authentication and basic HTTP authentication.
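Review bot: The paragraph introducing collector.service.secure.clientauth only describes the value 1; it does not state the default, nor whether a client that presents no certificate is rejected at the handshake or can still get in another way, which is what an operator has to know before relying on this setting for authentication. Please state both explicitly. The trust store entry says it may hold "certificates of clients or certificate authorities"; a sentence noting that trusting a CA accepts every certificate issued by that CA would help readers choose between the two. The two passwordfile properties point at files holding store passwords, so a note on restricting read access to them belongs here. In the last line, "may by used along" should read "may be used along with", and the sentence should say whether the client certificate and the basic HTTP credentials are then both required or whether either one is sufficient.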