Hi Dom/ Sunil, Thank you for your response and recommendations. At present we need to maintain our Dublin deployment and it will take us some time to migrate to Elalto or Frankfurt.
I guess in Dublin we store the following keystore files and password. We will try to workaround the DMAAP certificate issues to see if it resolves our issue. I will update you once we have a workaround for Dublin DMAAP. Regards Vivek *dev-dmaap-message-router* cadi.properties:cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw cadi.properties:cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi.properties:cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 cadi.properties:cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht /appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile /appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 *dmaap-dmaap-bc* org.onap.dmaap-bc.cred.props:cadi_key_password=enc:xzyD6s2QtG6dnrpgXFd3cJvzQQP8cO-XuSYugfJsKiGeUjNla6Ty6LeiuAn6sD2o org.onap.dmaap-bc.cred.props:cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-bc.keyfile org.onap.dmaap-bc.cred.props:cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-bc.p12 org.onap.dmaap-bc.cred.props:cadi_keystore_password=enc:3rLfxd-_WPUHEzYIbt2Cb9PwWOFkIQWBf_2DuHUOGJ4h_-gQjtTsx-h7H8qfkxC9 org.onap.dmaap-bc.cred.props:cadi_keystore_password_jks=enc:VWdS8tbPO6JcL0gwj9mbV0fKSzWIP6NXLWaz9L1O309Dho9qo7wyJxeF8wR-8_wi org.onap.dmaap-bc.cred.props:cadi_keystore_password_p12=enc:3rLfxd-_WPUHEzYIbt2Cb9PwWOFkIQWBf_2DuHUOGJ4h_-gQjtTsx-h7H8qfkxC9 org.onap.dmaap-bc.cred.props:cadi_truststore_password=enc:pVXSw1tBNOOFYnovbI1tHlS_d4dvY0eQyWkhBsRavMRv6DiI9i8WMN5wVrM4KnUY org.onap.dmaap-bc.showpass:cadi_truststore_password=8b&R5%l$l:@jSWz@FCs;rhY* org.onap.dmaap-bc.showpass:cadi_keystore_password_jks=Y@Y5f &gm?PAz,CVQL,lk[VAF org.onap.dmaap-bc.showpass:cadi_key_password=2U[iOZzMHI:.#tdCwlBqc;}S org.onap.dmaap-bc.showpass:cadi_keystore_password=2U[iOZzMHI:.#tdCwlBqc;}S org.onap.dmaap-bc.showpass:cadi_keystore_password_p12=2U[iOZzMHI:.#tdCwlBqc;}S On Tue, May 19, 2020 at 5:43 AM LUNANUOVA, DOMINIC (DOMINIC) < [email protected]> wrote: > I concur with Sunil’s recommendation to use a recent release, which > downloads new certs at deploy time! > > > > For Bus Controller, the certs have expired in Dublin and El Alto. I > provided a workaround for El Alto: > https://gerrit.onap.org/r/c/oom/+/105567 > > Which the reviewers don’t care for, but others have found it useful. > Apologies for such an approach. > > > > -Dom > > > > *From:* UNNAVA, SUNIL [mailto:[email protected]] > *Sent:* Monday, May 18, 2020 2:53 PM > *To:* Vivekanandan Muthukrishnan <[email protected]>; > [email protected]; LUNANUOVA, DOMINIC (DOMINIC) < > [email protected]> > *Cc:* [email protected]; GUDIMETLA, RAJYALAKSHMI <[email protected]>; > SARKAR, NIRUPAM <[email protected]> > *Subject:* RE: [onap-discuss] Regarding DMAAP SSL Certificate import steps > > > > Vivekanandan, > > > > Those instructions are only for the Message Router. Dublin is a very old > release. My recommendation is to use the latest release. > > > > Fiachra/Dominic, > > > > Can you share your thoughts on DataRouter and BusController. > > > > Thanks, > > Sunil > > > > *From:* Vivekanandan Muthukrishnan <[email protected]> > *Sent:* Monday, May 18, 2020 10:24 AM > *To:* UNNAVA, SUNIL <[email protected]> > *Cc:* [email protected]; GUDIMETLA, RAJYALAKSHMI <[email protected]>; > SARKAR, NIRUPAM <[email protected]> > *Subject:* Re: [onap-discuss] Regarding DMAAP SSL Certificate import steps > > > > Hi Sunil, > > > > Yes, we want to apply for DMaaP components(MessageRouter, DataRouter and > BusController). > > > > We will try the above Elalto patch and let you know if we need any > further help. > > > > Thanks for your quick response. > > > > Regards > Vivek > > > > > > On Mon, May 18, 2020 at 7:48 PM UNNAVA, SUNIL <[email protected]> wrote: > > I used the AAF documentation > <https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.onap.org_en_elalto_submodules_aaf_authz.git_docs_sections_configuration_AAF-5F4.1-5Fconfig.html-3Fhighlight-3Daaf-2520certificate-2520generation&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=t27CRRmn7U12dnOvcSPfcQ&m=QBL2BS75jEuso_9PfFghZWQnVVABdGAHIUtBFLAuF4g&s=a0ckOcuLPlHUTu6uymF0KWoBcFvEF3d9K9HrXvRrSUk&e=> > to generate the DMaaP MessageRouter certificates. You can apply the changes > in the following elalto patches. > > > > https://gerrit.onap.org/r/c/oom/+/107263 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_oom_-2B_107263&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=t27CRRmn7U12dnOvcSPfcQ&m=QBL2BS75jEuso_9PfFghZWQnVVABdGAHIUtBFLAuF4g&s=Xih8WMFP0k-6ShXFDpY4nvNlTmgF6B34XfZFdjZ2fhQ&e=> > > https://gerrit.onap.org/r/c/oom/+/105035 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_oom_-2B_105035&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=t27CRRmn7U12dnOvcSPfcQ&m=QBL2BS75jEuso_9PfFghZWQnVVABdGAHIUtBFLAuF4g&s=hoestjFWRGeWjjSwFtYmDW-cP1X7mhcK7wfDOzgct5Q&e=> > > > > What are the DMaaP components(MessageRouter, DataRouter and BusController) > you want to deploy. > > > > Thanks, > > Sunil > > > > *From:* Vivekanandan Muthukrishnan <[email protected]> > *Sent:* Monday, May 18, 2020 9:38 AM > *To:* UNNAVA, SUNIL <[email protected]> > *Cc:* [email protected]; GUDIMETLA, RAJYALAKSHMI <[email protected] > > > *Subject:* Re: [onap-discuss] Regarding DMAAP SSL Certificate import steps > > > > Hi Sunil, > > > > I am working with Dublin and was searching for the steps to generate and > update DMAAP self-signed certificates in the keystore file > * /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks*. > > > > Could you please share the steps to generate and update the same in the > DMAAP container file /dmaapMR1/bundleconfig/etc/org.onap.dmaap.mr.jks. I > assume the steps are the same for other JKS files > under /dmaapMR1/bundleconfig/etc/ folder. > > > > I did follow openssl and was able to update it for the portal component > and would like to try the same for DMAAP in Dublin. > > > > Regards > Vivek > > > > > > > > > > > > On Mon, May 18, 2020 at 6:46 PM UNNAVA, SUNIL <[email protected]> wrote: > > Hi Vivekandan, > > > > Can you elaborate the issues you are facing. As I know there are no issues > with the DMaaP MR certificates in ElAlto . > > > > Thanks, > > Sunil > > > > *From:* Vivekanandan Muthukrishnan <[email protected]> > *Sent:* Saturday, May 16, 2020 12:29 PM > *To:* UNNAVA, SUNIL <[email protected]>; [email protected] > *Subject:* [onap-discuss] Regarding DMAAP SSL Certificate import steps > > > > Hi Sunil / Dmaap Team, > > > > Could you please point us to any documented steps to generate a DMAAP SSL > certificate java keystore file. > > > > I see that you recently delivered the ElAlto patch ( > https://gerrit.onap.org/r/c/oom/+/107263 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.onap.org_r_c_oom_-2B_107263&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=t27CRRmn7U12dnOvcSPfcQ&m=_7_LB3bfJulAPS_rgW03yjXgweKgPRDa8orb8QmcivE&s=N0gqOL1FBPuTNiQNqgql3MQyRfPgANTScr9QZhGcEyU&e=> > ). > > > > It would be of great help if you can point us to Wiki documents OR steps > to generate a new certificate and import it into the java keystore file > */opt/app/dmaapbc/etc/org.onap.dmaap.mr.jks.* > > > > > > Thanks & Regards > > Vivek > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21123): https://lists.onap.org/g/onap-discuss/message/21123 Mute This Topic: https://lists.onap.org/mt/74252481/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
