aboutsummaryrefslogtreecommitdiffstats
path: root/packages/base/src/files/install
diff options
context:
space:
mode:
authorJorge Hernandez <jh1730@att.com>2018-08-17 16:23:07 -0500
committerJorge Hernandez <jh1730@att.com>2018-08-17 16:31:12 -0500
commita7ad88d23b2a59a16c098b156c430a2fe3558023 (patch)
tree8056ad9763c6c34b30fe0a8dc0412d597e2c3d6f /packages/base/src/files/install
parent84df4a428ded309f750f52ac1c104ac84e426fc0 (diff)
https certs with aaf+pe containers compatibility
Change-Id: I21ed7a0fea5ea7d62857a077fa2568da4af99d26 Issue-ID: POLICY-1057 Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'packages/base/src/files/install')
-rw-r--r--packages/base/src/files/install/servers/brmsgw/init.d/brmsgw4
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh5
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/conf/server.xml6
-rw-r--r--packages/base/src/files/install/servers/configs/conf/server.xml10
-rw-r--r--packages/base/src/files/install/servers/console/conf/server.xml9
5 files changed, 24 insertions, 10 deletions
diff --git a/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw b/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw
index c951b12a4..837b7b96e 100644
--- a/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw
+++ b/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw
@@ -42,8 +42,8 @@ function um_start() {
JVM_JAVA_OPTS=("-Xms${COMPONENT_X_MS_MB}M" "-Xmx${COMPONENT_X_MX_MB}M")
JVM_SECURITY+=("-Djavax.net.ssl.keyStore=${POLICY_HOME}/etc/ssl/policy-keystore")
JVM_SECURITY+=("-Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWD}")
- JVM_SECURITY+=("-Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-keystore")
- JVM_SECURITY+=("-Djavax.net.ssl.trustStorePassword=${KEYSTORE_PASSWD}")
+ JVM_SECURITY+=("-Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-truststore")
+ JVM_SECURITY+=("-Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWD}")
CMD_JAVA_OPTS+=("-DPOLICY_LOGS=${POLICY_LOGS}")
JAVA_OPTS=("${JVM_JAVA_OPTS[@]}" "${JMX_JAVA_OPTS[@]}" "${JVM_SECURITY[@]}" "${CMD_JAVA_OPTS[@]}")
diff --git a/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh b/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh
index dc9bfbc36..d86f737f2 100644
--- a/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh
+++ b/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
###
# ============LICENSE_START=======================================================
# ONAP Policy Engine
@@ -24,8 +25,8 @@ CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.keyStore=${POLICY_HOME}/etc/ssl/policy-keystore"
CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWD}"
-CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-keystore"
-CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStorePassword=${KEYSTORE_PASSWD}"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-truststore"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWD}"
CATALINA_OPTS="${CATALINA_OPTS} -DPOLICY_LOGS=${POLICY_LOGS}"
CATALINA_OPTS="${CATALINA_OPTS} -Xms${{TOMCAT_X_MS_MB}}M"
CATALINA_OPTS="${CATALINA_OPTS} -Xmx${{TOMCAT_X_MX_MB}}M"
diff --git a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
index a78dfc82e..02c548c80 100644
--- a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
+++ b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
@@ -104,10 +104,14 @@
documentation -->
<!-- Use http instead of https
+ Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
+ passed in to the tomcat JVM:
+
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
- keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
+ truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" />
diff --git a/packages/base/src/files/install/servers/configs/conf/server.xml b/packages/base/src/files/install/servers/configs/conf/server.xml
index ecbeb6e4d..3bccc6ffb 100644
--- a/packages/base/src/files/install/servers/configs/conf/server.xml
+++ b/packages/base/src/files/install/servers/configs/conf/server.xml
@@ -104,12 +104,16 @@
OpenSSL style configuration is required as described in the APR/native
documentation -->
- <!--
+ <!--
+ Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
+ passed in to the tomcat JVM:
+
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
- keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
- -->
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
+ truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
+ -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
diff --git a/packages/base/src/files/install/servers/console/conf/server.xml b/packages/base/src/files/install/servers/console/conf/server.xml
index 618a6a99a..5e6226742 100644
--- a/packages/base/src/files/install/servers/console/conf/server.xml
+++ b/packages/base/src/files/install/servers/console/conf/server.xml
@@ -106,11 +106,16 @@
documentation
-->
- <!-- ONAP portal currently using http instead of https
+ <!-- ONAP portal currently using http instead of https
+
+ Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
+ passed in to the tomcat JVM:
+
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
- keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
+ truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" />