summaryrefslogtreecommitdiffstats
path: root/docs/sections
diff options
context:
space:
mode:
authorJan Malkiewicz <jan.malkiewicz@nokia.com>2020-08-28 09:35:49 +0200
committerJan Malkiewicz <jan.malkiewicz@nokia.com>2020-08-28 10:17:09 +0200
commit0cbaa4e1bb42b19f33356f3e07ee47befe5ce785 (patch)
tree3756efca5d552a2932aab23655078f17ee1f93c3 /docs/sections
parentd628e674df545e8eb4c632514d3f358f01a95ca3 (diff)
Add description related to truststore merger.
Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I6f244766a7d8480385257fa45a006f416a0aa8e9
Diffstat (limited to 'docs/sections')
-rw-r--r--docs/sections/tls_enablement.rst7
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/sections/tls_enablement.rst b/docs/sections/tls_enablement.rst
index ec23f65b..3eb23007 100644
--- a/docs/sections/tls_enablement.rst
+++ b/docs/sections/tls_enablement.rst
@@ -176,6 +176,8 @@ This external TLS support doesn't influence ONAP internal traffic which is prote
* A string (``common_name``) that indicates common name which should be present in certificate. Specific for every blueprint (e.g. dcae-ves-collector for VES).
* A string (``sans``) that indicates list of Subject Alternative Names (SANs) which should be present in certificate. Delimiter - : Should contain common_name value and other FQDNs under which given component is accessible.
+ As a final step of the plugin the generated CMPv2 truststore entries will be appended to AAF CA truststore (see certificate artifacts below).
+
Example
.. code-block:: yaml
@@ -207,6 +209,7 @@ This external TLS support doesn't influence ONAP internal traffic which is prote
* ``keystore.pass``: A text file with a single line that contains the password for the ``keystore.p12`` keystore.
* ``truststore.p12``: A truststore containing the operator certificate. (Needed by clients that access TLS-protected servers in external traffic.)
* ``truststore.pass``: A text file with a single line that contains the password for the ``truststore.p12`` keystore.
- * ``trust.jks``: The AAF CA certificate and private key packaged in Java form.
- * ``trust.pass``: A text file with a single line that contains the password for ``trust.jks`` file.
+ * ``trust.jks``: A file with the AAF CA certificate and CMPv2 certificate with private key packaged in Java form.
+ * ``trust.jks.bak``: The (original) file with the AAF CA certificate only.
+ * ``trust.pass``: A text file with a single line that contains the password for ``trust.jks`` and ``trust.jks.bak`` file.
* ``cacert.pem``: The AAF CA certificate, in PEM form.