aboutsummaryrefslogtreecommitdiffstats
path: root/docs/sections
diff options
context:
space:
mode:
authorAdam Wudzinski <adam.wudzinski@nokia.com>2020-04-22 11:24:24 +0200
committerAdam Wudzinski <adam.wudzinski@nokia.com>2020-04-22 11:24:24 +0200
commite59bd6b738d22192d8dd56755f80e41ac4d5eef5 (patch)
tree14d0cab493801b584bfe62ec0fd1d87bc00786da /docs/sections
parent2e83d548467048fe05cf082c1e9743ad9d972cba (diff)
Add mTLS certificates generation documentation
Signed-off-by: Adam Wudzinski <Adam.Wudzinski@nokia.com> Issue-ID: AAF-1091 Change-Id: I69199e98a50c2e18be7b45bf6097842459247d6e
Diffstat (limited to 'docs/sections')
-rw-r--r--docs/sections/configuration.rst28
1 files changed, 28 insertions, 0 deletions
diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst
index baf2d4ac..c71d28ce 100644
--- a/docs/sections/configuration.rst
+++ b/docs/sections/configuration.rst
@@ -175,6 +175,34 @@ Dynamic:
curl -I https://localhost:$HTTPS_PORT/reload --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
+Generating certificates for CertService and CertService Client
+--------------------------------------------------------------
+CertService and CertService client use mutual TLS for communication. Certificates are generated using Makefile.
+
+Local:
+^^^^^^
+
+Certificates are mounted to containers by docker volumes:
+
+ - CertService volumes are defined in certservice/docker-compose.yaml
+ - CertClient volumes are defined in certservice/Makefile
+
+All certificates are stored in *certservice/certs* directory. To recreate certificates go to *certservice/certs* directory and execute::
+
+ make clear all
+
+This will clear existing certs and generate new ones.
+
+OOM:
+^^^^
+
+Certificates are stored in secrets, which are mounted to pods as volumes. Both secrets are stored in *kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml*.
+Secrets take certificates from *kubernetes/aaf/charts/aaf-cert-service/resources* directory. Certificates are generated automatically during building(using Make) OOM repository.
+
+*kubernetes/aaf/charts/aaf-cert-service/Makefile* is similar to the one stored in certservice repository. It actually generates certificates.
+This Makefile is executed by *kubernetes/aaf/Makefile*, which is automatically executed during OOM build.
+
+
Configuring EJBCA server for testing
------------------------------------