From 384b7b14722c5a2e351d61b3779869d680cebf8f Mon Sep 17 00:00:00 2001 From: tkogut Date: Fri, 16 Oct 2020 13:01:29 +0200 Subject: Adjust PNF simulator to use strict hostname checking. Use separate keystore/truststore for ves. Add network for communication between ves and pnfsim. Issue-ID: INT-1744 Signed-off-by: tkogut Change-Id: I6626ac6d6f74e739aeb93879eddfd44f9e9383ea --- pnfsimulator/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'pnfsimulator/README.md') diff --git a/pnfsimulator/README.md b/pnfsimulator/README.md index 25f84da..81e59fc 100644 --- a/pnfsimulator/README.md +++ b/pnfsimulator/README.md @@ -398,7 +398,7 @@ Warning: according to VES implementation which uses certificate with Common Name 1. Generate a private key for the SSL client: ```openssl genrsa -out client.key 2048``` 2. Use the client’s private key to generate a cert request: ```openssl req -new -key client.key -out client.csr``` 3. Issue the client certificate using the cert request and the CA cert/key: ```openssl x509 -req -in client.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out client.crt -days 500 -sha256``` - 4. Convert the client certificate and private key to pkcs#12 format: openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12 + 4. Convert the client certificate and private key to pkcs#12 format: ```openssl pkcs12 -export -inkey client.key -in client.crt -out client.p12``` 5. Copy pkcs file into pnf simulators folder: ```/app/store/``` #### How to generate correct truststore for pnf-simulator 
@@ -417,8 +417,9 @@ For this purpose: 2. If you want to replace keystore or truststore put them into the /app/store folder. 3. Edit /app/application.properties file as follow: - ssl.clientCertificateEnabled=true (to disable/enable client authentication) +- ssl.strictHostnameVerification=true (to disable/enable hostname verification) - ssl.clientCertificateDir=/app/store/client.p12 (to replace keystore file) - ssl.clientCertificatePassword=collector (to replace password for keystore) - ssl.trustStoreDir=/app/store/trustStore (to replace truststore file) - ssl.trustStorePassword=collector (to replace password for truststore) -4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5001/refresh -H 'Content-type: application/json' -X POST --data '{}'``` +4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5000/refresh -H 'Content-type: application/json' -X POST --data '{}'``` -- cgit 1.2.3-korg
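Review bot: step 4 of the client keystore procedure (first hunk) runs `openssl pkcs12 -export` without saying which export password to enter, while the configuration list in the second hunk sets `ssl.clientCertificatePassword=collector` for the same keystore. Suggest adding a sentence to step 4 that the export password chosen there has to be the value configured in `ssl.clientCertificatePassword`, since a mismatch would leave the simulator unable to open `client.p12`. The `client.cer` to `client.crt` correction is consistent with the `-out client.crt` in step 3.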
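Review bot: the new `ssl.strictHostnameVerification=true` entry (second hunk, step 3) is documented only as "to disable/enable hostname verification", which states neither the default nor what is lost when it is set to false. Suggest stating the default and adding that with the value false the host name in the VES certificate is no longer checked, so the setting should stay true outside local testing; a cross-reference to the Common Name warning that appears in the first hunk's header context would help readers whose certificate name does not match. Separately, step 4 changes the refresh port from 5001 to 5000 and the commit message does not mention this; please confirm 5000 matches the actuator port used elsewhere in the README.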