From b8fff00b8fde6e95a2eaf9efe6a118d49dc35ebd Mon Sep 17 00:00:00 2001 From: TamasBakai Date: Thu, 27 Jun 2019 13:32:41 +0200 Subject: DfC certificate handling clarifications Issue-ID: DCAEGEN2-1603 Change-Id: I5199e867ae27e2565b5cae99a5b75924d9b489a1 Signed-off-by: TamasBakai --- docs/sections/services/dfc/certificates.rst | 40 ++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/docs/sections/services/dfc/certificates.rst b/docs/sections/services/dfc/certificates.rst index 17bfb2f3..05728235 100644 --- a/docs/sections/services/dfc/certificates.rst +++ b/docs/sections/services/dfc/certificates.rst @@ -71,9 +71,40 @@ We have two keystore files, one for TrustManager, one for KeyManager. keytool -importkeystore -deststorepass [changeit] -destkeypass [changeit] -destkeystore dfc.jks -srckeystore dfc.p12 -srcstoretype PKCS12 -srcstorepass [some-password] -alias [some-alias] -3. Finished +4. Update existing jks.b64 files +--------------------------------- -4. Configure vsftpd: +Copy the existing jks from the DFC container to a local environment. + + .. code:: bash + + docker cp :/opt/app/datafile/config/ftp.jks . + docker cp :/opt/app/datafile/config/dfc.jks . + + .. code:: bash + + openssl base64 -in ftp.jks -out ftp.jks.b64 + openssl base64 -in dfc.jks -out dfc.jks.b64 + + .. code:: bash + + chmod 755 ftp.jks.b64 + chmod 755 dfc.jks.b64 + +Copy the new jks.64 files from local environment to the DFC container. + + .. code:: bash + + docker cp ftp.jks.b64 :/opt/app/datafile/config/ + docker cp dfc.jks.b64 :/opt/app/datafile/config/ + +Finally + + .. code:: bash + + docker restart + +5. Configure vsftpd: -------------------- update /etc/vsftpd/vsftpd.conf: 
@@ -97,7 +128,7 @@ We have two keystore files, one for TrustManager, one for KeyManager. ssl_request_cert=YES ca_certs_file=/home/vsftpd/myuser/dfc.crt -5. Configure config/datafile_endpoints.json: +6. Configure config/datafile_endpoints.json: -------------------------------------------- Update the file accordingly: @@ -110,6 +141,7 @@ We have two keystore files, one for TrustManager, one for KeyManager. "trustedCAPassword": "[yourpassword]" } -6. This has been tested with vsftpd and dfc, with self-signed certificates. +7. Other conditions --------------------------------------------------------------------------- + This has been tested with vsftpd and dfc, with self-signed certificates. In real deployment, we should use ONAP-CA signed certificate for DFC, and vendor-CA signed certificate for xNF -- cgit 1.2.3-korg
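Review bot: In the new "4. Update existing jks.b64 files" section of the first hunk, `chmod 755 ftp.jks.b64` and `chmod 755 dfc.jks.b64` leave the encoded keystores readable and executable by every user, even though dfc.jks is imported from dfc.p12 with a key password and therefore carries key material. Suggest a tighter mode such as 640 or 600, assuming the user the DFC process runs as can still read the files, and no execute bit in either case. In the lines as shown, the `docker cp :/opt/app/datafile/config/...` commands and `docker restart` carry no container name; a bracketed placeholder in the style of `[some-alias]` would make them copyable. The base64 and chmod blocks would also benefit from a one-line description each, "Copy the new jks.64 files" should read jks.b64, and because "3. Finished" is removed while the later sections move to 4 through 7, the numbering now skips 3.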
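Review bot: In the last hunk, the new title "7. Other conditions" keeps the full-width underline that belonged to the sentence-length heading it replaces. reStructuredText accepts an over-long underline, but the other section titles in this file ("5. Configure vsftpd:", "6. Configure config/datafile_endpoints.json:") use an underline matching the title length, so trimming it here would keep the file consistent.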