From a4aeefb08d2ed5fb10a94fe3df63910db7827d33 Mon Sep 17 00:00:00 2001 From: dglFromAtt Date: Wed, 3 Apr 2019 23:16:06 +0000 Subject: Add client cert PEM files for authenticated requests Note also relocated AAF cert artifacts since they are used by both docker images created in this repo. Change-Id: I539c0062ab9bc573e610bc7669d78e9528e2aace Signed-off-by: dglFromAtt Issue-ID: DMAAP-1142 --- certs/README | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 certs/README (limited to 'certs/README') diff --git a/certs/README b/certs/README new file mode 100644 index 0000000..2f7f410 --- /dev/null +++ b/certs/README 
@@ -0,0 +1,55 @@ +Procedure to create pem files for curl use within dbc-client container. + +1. Download certificate artifacts from AAF +1b. Remember to run the showpass step to capture the cleartext passwords. Assume this will be in a file with suffix .showpass. +1c. Add AAF artifacts to buscontroller project under buscontroller/certs + +2. Display passwords in showpass file + + ubuntu@dgl-rancher:~/dublin/buscontroller/certs$ cat *showpass + cadi_truststore_password=8b&R5%l$l:@jSWz@FCs;rhY* + cadi_keystore_password_jks=Y@Y5f&gm?PAz,CVQL,lk[VAF + cadi_key_password=2U[iOZzMHI:.#tdCwlBqc;}S + cadi_keystore_password=2U[iOZzMHI:.#tdCwlBqc;}S + cadi_keystore_password_p12=2U[iOZzMHI:.#tdCwlBqc;}S + Challenge=9H83TErBrN!u?;]1iCK@&69? + 2019-03-22T17:38:32.447+0000: Trans Info + REMOTE Show Password 2214.6292ms + +3. copy the value for cadi_keystore_password_p12 into clipboard + +4. Use openssl to create pem files. NOTE: paste pwd from step 3 to all answers. + + ubuntu@dgl-rancher:~/dublin/buscontroller/certs$ openssl pkcs12 -in ./org.onap.dmaap-bc.p12 -out ca.pem -cacerts -nokeys + Enter Import Password: + MAC verified OK + + ubuntu@dgl-rancher:~/dublin/buscontroller/certs$ openssl pkcs12 -in ./org.onap.dmaap-bc.p12 -out client.pem -clcerts -nokeys + Enter Import Password: + MAC verified OK + + ubuntu@dgl-rancher:~/dublin/buscontroller/certs$ openssl pkcs12 -in ./org.onap.dmaap-bc.p12 -out key.pem -nocerts + Enter Import Password: + MAC verified OK + Enter PEM pass phrase: + Verifying - Enter PEM pass phrase: + +5. 
Confirm new pem files are created: + + ubuntu@dgl-rancher:~/dublin/buscontroller/certs$ ls -l + total 52 + -rw-rw-r-- 1 ubuntu ubuntu 1759 Apr 3 14:52 ca.pem + -rw-rw-r-- 1 ubuntu ubuntu 1791 Apr 3 14:53 client.pem + -rw-rw-r-- 1 ubuntu ubuntu 1997 Apr 3 14:55 key.pem + -rw-rw-r-- 1 ubuntu ubuntu 1159 Apr 3 11:59 org.onap.dmaap-bc.cred.props + -rw-rw-r-- 1 ubuntu ubuntu 751 Apr 3 11:59 org.onap.dmaap-bc.crontab.sh + -rw-rw-r-- 1 ubuntu ubuntu 3613 Apr 3 11:59 org.onap.dmaap-bc.jks + -rw-rw-r-- 1 ubuntu ubuntu 2074 Apr 3 11:59 org.onap.dmaap-bc.keyfile + -rw-rw-r-- 1 ubuntu ubuntu 289 Apr 3 11:59 org.onap.dmaap-bc.location.props + -rw-rw-r-- 1 ubuntu ubuntu 4151 Apr 3 11:59 org.onap.dmaap-bc.p12 + -rw-rw-r-- 1 ubuntu ubuntu 629 Apr 3 11:59 org.onap.dmaap-bc.props + -rw-rw-r-- 1 ubuntu ubuntu 365 Apr 3 11:59 org.onap.dmaap-bc.showpass + -rw-rw-r-- 1 ubuntu ubuntu 1413 Apr 3 11:59 org.onap.dmaap-bc.trust.jks + +6. pem files can now be included in docker image + -- cgit 1.2.3-korg
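Review bot: Step 2 of the new certs/README pastes the full output of `cat *showpass`, so the cleartext values of cadi_truststore_password, cadi_keystore_password_jks, cadi_key_password, cadi_keystore_password_p12 and Challenge end up in the repository history. Replace the values with placeholders (for example `cadi_keystore_password_p12=<redacted>`) and, if these came from a real AAF enrollment, rotate them, since removing them in a later commit does not remove them from history. The same value also protects key.pem: step 4 says to paste the step 3 password "to all answers", which includes the "Enter PEM pass phrase" prompt, so anyone who reads this README can decrypt the private key. Use a separate passphrase for key.pem and do not record it here. In step 5 the `ls -l` listing shows key.pem, org.onap.dmaap-bc.p12, org.onap.dmaap-bc.keyfile and org.onap.dmaap-bc.showpass as `-rw-rw-r--`; add a step that restricts the secret-bearing files to the owner (mode 600) before they are used. Step 6 says the pem files can be included in the docker image without saying which ones; the procedure should state whether key.pem is meant to be baked into an image layer or supplied at run time (mounted secret), because anything in a layer is readable by everyone who can pull the image. The commit subject and the listing also suggest the .p12, .jks, .keyfile and .showpass artifacts live under certs/ in the project; if they are committed alongside this README, the same concern applies to them.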