diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | README.md | 6 | ||||
-rw-r--r-- | certServiceClient/README.md | 6 | ||||
-rwxr-xr-x | compose-resources/ejbca-configuration.sh | 6 | ||||
-rw-r--r-- | pom.xml | 1 |
5 files changed, 14 insertions, 7 deletions
@@ -26,7 +26,7 @@ run-client: --mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \ --volume `pwd`/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks \ --volume `pwd`/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks \ - onap/org.onap.oom.platform.cert-service.oom-certservice-client:latest + nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 stop-backend: @echo "##### Stop Cert Service #####" @@ -9,7 +9,7 @@ More information about the project and all its functionalities you can find unde Project consists of four submodules: 1. oom-certservice-api -2. oom-certservice-client +2. *deprecated (no longer built)* oom-certservice-client 3. oom-certservice-post-processor 4. oom-certservice-k8s-external-provider @@ -41,8 +41,8 @@ Then execute following command from certs(!) directory: ``` ### Running Docker containers from docker-compose with EJBCA -Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client -Build docker images locally before running docker compose command. +Docker-compose uses a local image of certservice-api and make run-client uses a released image of certservice-client +Build certservice-api docker image locally before running docker compose command. ``` 1. Build local images make build diff --git a/certServiceClient/README.md b/certServiceClient/README.md index 63d9780b..98dcfb9b 100644 --- a/certServiceClient/README.md +++ b/certServiceClient/README.md @@ -1,4 +1,8 @@ -# Cert service client +# Cert service client *(deprecated)* + +> Deprecated since Istanbul release in favor of Cert Manager certificates +> (for more details see certServiceK8sExternalProvider submodule). + ### Project building ``` diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh index 3eb146db..8e6bd038 100755 --- a/compose-resources/ejbca-configuration.sh +++ b/compose-resources/ejbca-configuration.sh @@ -4,12 +4,16 @@ configureEjbca() { ejbca.sh config cmp addalias --alias cmpRA ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate' + ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 + caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p') + ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject" ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true @@ -75,7 +75,6 @@ <modules> <module>certService</module> - <module>certServiceClient</module> <module>certServicePostProcessor</module> <module>certServiceK8sExternalProvider</module> </modules> |