Hi, All,

Jonathan from the AAF team has imported the existing old-style openecomp CA 
root and intermediate certificates into the keystores linked here:

https://wiki.onap.org/display/DW/AAF+Environment+-+Beijing

This will allow you to use the old-style AAI certificates that are currently in 
use, as well as the new AAF-signed certificates.  To give you a little extra 
time to update your trustStores, we will not merge the new certificates today 
in AAI, but will wait until first thing tomorrow morning.

Thanks,
Jimmy

From: <[email protected]> on behalf of "FORSYTH, JAMES" 
<[email protected]>
Date: Wednesday, April 18, 2018 at 1:04 PM
To: "[email protected]" <[email protected]>
Cc: HARISH V KAJUR <[email protected]>, "GATHMAN, JONATHAN C" <[email protected]>
Subject: Re: [onap-discuss] AAI using new certificate in Beijing

AAI clients:

Just a reminder that AAI will be changing its server certificate tomorrow at 
the end of the day – you will need to take action to include the AAF root 
certificate in your trust store.

Instructions are here, including keystore files that have been modified to 
include the AAF root:

https://wiki.onap.org/display/DW/AAF+Environment+-+Beijing

The integration team is aware of this change and will hopefully be able to 
patch applications that do not update their trustStores, but if you care at all 
about Brian and Marco’s sanity, please update your artifacts in advance 😊

Thanks,
jimmy

From: "FORSYTH, JAMES" <[email protected]>
Date: Monday, April 16, 2018 at 4:43 PM
To: "[email protected]" <[email protected]>
Subject: AAI using new certificate in Beijing

Hi, Everyone,

AAI will be replacing its openecomp signed certificate with a new one signed by 
AAF.

https://wiki.onap.org/display/DW/AAF+Environment+-+Beijing#AAFEnvironment-Beijing-RootCertificate.1

has a link to the AAF root certificate which signed the AAI cert.

AAI’s certificate is issued by: CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US, 
which is issued by: C=US, O=ONAP, OU=OSAAF

AAI clients – please let me know if you will have issues importing the AAF root 
certificate into your trustStore.  The current plan is to switch the AAI server 
certificates to the new ones signed by AAF at RC0 (this Thursday).

Thanks,
jimmy