From c57b58ddca8fa19fad93b3aea70e556ad6f045d8 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Tue, 23 Feb 2021 18:07:34 +0100 Subject: [AAI][SCHEMA] Remove Hardcoded certificates Use Certinitializer in order to retrieve needed certificates. It'll also do the retrieval for graphadmin as both microservices are working together. Issue-ID: OOM-2691 Signed-off-by: Sylvain Desbureaux Change-Id: Iad790cc14361cf15d5a6bf4fcad6fd9f4048a1a7 --- .../aai-schema-service/config/application.properties | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'kubernetes/aai/components/aai-schema-service/config/application.properties') diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index ad700dce6e..a3f7998a8f 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -39,12 +39,12 @@ server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties server.port=8452 {{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want -server.ssl.key-store-type=JKS +server.ssl.key-store-type=PKCS12 {{ else }} security.require-ssl=false server.ssl.enabled=false -- cgit 1.2.3-korg