Re: [onap-discuss] [El-Alto]-Certificate expired for AAF-SMS-Preload in Elalto Release

Tue, 16 Jun 2020 06:07:16 -0700 

Hi Manjunath,

We will deliver a maintenance patch for El Alto to renew some certificates that 
have expired.
It is known that these certificates are only valid for ~9+ months because it is 
expected that a company will replace them by their own certificates.

Best regards
Catherine

From: [email protected] <[email protected]> On Behalf Of 
Devangam Manjunatha
Sent: Sunday, June 14, 2020 5:17 AM
To: [email protected]; Ranganathaiah, Manjunath 
<[email protected]>; Vivekanandan Muthukrishnan 
<[email protected]>; [email protected]
Cc: JOMY JOSE <[email protected]>; Velugubantla Praveen 
<[email protected]>; Naveen S. Sankad <[email protected]>; 
Sudarshan K.S <[email protected]>
Subject: Re: [onap-discuss] [El-Alto]-Certificate expired for AAF-SMS-Preload 
in Elalto Release

Looping Jonathan from AAF team.

Please provide fix for below certificate expiry issue.

Regards,
Manjunath.

________________________________
From: Devangam Manjunatha
Sent: Saturday, June 13, 2020 10:02 PM
To: FORSYTH, JAMES <[email protected]<mailto:[email protected]>>; 
[email protected]<mailto:[email protected]> 
<[email protected]<mailto:[email protected]>>; 
Ranganathaiah, Manjunath 
<[email protected]<mailto:[email protected]>>; 
Vivekanandan Muthukrishnan 
<[email protected]<mailto:[email protected]>>
Cc: JOMY JOSE <[email protected]<mailto:[email protected]>>; Velugubantla 
Praveen <[email protected]<mailto:[email protected]>>; 
Naveen S. Sankad <[email protected]<mailto:[email protected]>>; 
Sudarshan K.S <[email protected]<mailto:[email protected]>>
Subject: [onap-discuss] [El-Alto]-Certificate expired for AAF-SMS-Preload in 
Elalto Release

Hi Jimmy,

When we deploy ONAP Elalto release,  We noticed that 'aaf-sms-preload' 
certificate is expired.
I raised Jira for this issue(i.e. 
https://jira.onap.org/browse/AAF-1160<https://urldefense.proofpoint.com/v2/url?u=https-3A__jira.onap.org_browse_AAF-2D1160&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=ZglJ8LOeAfevY7wWaSximhFMAzXaMdza5QYCg-DW6SU&m=m0tZg53AVdSpgeeR7XdEbzOY71AkaJMUbebOHuWaNcs&s=C_qsWvBCX5H9rMxT_dogKlzPqtsF9COwEAF-_ArVavk&e=>).

There is fix for similar issue in Frankfurt release(i.e. 
https://jira.onap.org/browse/AAF-1159<https://urldefense.proofpoint.com/v2/url?u=https-3A__jira.onap.org_browse_AAF-2D1159&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=ZglJ8LOeAfevY7wWaSximhFMAzXaMdza5QYCg-DW6SU&m=m0tZg53AVdSpgeeR7XdEbzOY71AkaJMUbebOHuWaNcs&s=zqMNc7gqkbXPzp1iCHr1m-UeHpu1oDf0wbebLyMYnXk&e=>).

But we need fix in Elalto release. So, Will you please provide fix or steps for 
re-generate certificates in Elalto release.

Please find below steps to check certificate details of 'aaf-sms-preload'.

ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get pods -o wide|grep rnd-aaf-aaf-sms-preload
rnd-aaf-aaf-sms-preload-l2rtf                                 1/1     Running   
   0          9h      10.42.7.45    rndelalto-k8s-04   <none>           <none>
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get services -o wide|grep aaf-sms
aaf-sms                            ClusterIP      10.43.1.91      <none>        
                         10443/TCP                                              
       9h      app=aaf-sms,release=rnd-aaf
aaf-sms-db                         ClusterIP      10.43.13.6      <none>        
                         8200/TCP                                               
       9h      app=aaf-sms-vault,release=rnd-aaf
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl get jobs|grep aaf
rnd-aaf-aaf-sms-preload                    0/1           9h         9h
rnd-aaf-aaf-sshsm-distcenter               1/1           76s        9h
rnd-aaf-aaf-sshsm-testca                   1/1           88s        9h
ubuntu@rndelalto-nfs:~$
ubuntu@rndelalto-nfs:~$ kubectl -it exec rnd-aaf-aaf-sms-preload-l2rtf bash
bash-4.4#
bash-4.4#
bash-4.4# openssl s_client -showcerts -connect 10.43.1.91:10443  |openssl x509 
-inform pem -noout -text  | grep -E "Not After|Not Before|Issuer:|Subject:"
depth=1 C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
verify error:num=20:unable to get local issuer certificate
        Issuer: C=US, O=ONAP, OU=OSAAF, CN=intermediateCA_9
            Not Before: Jun  3 20:08:21 2019 GMT
            Not After : Jun  3 20:08:21 2020 GMT
        Subject: CN=aaf-sms/emailAddress=, 
[email protected]<mailto:[email protected]>, OU=OSAAF, 
O=ONAP, C=US
^C
bash-4.4#
bash-4.4#
bash-4.4# exit
exit
ubuntu@rndelalto-nfs:~$


Regards,
Manjunath.

L&T Technology Services Ltd

www.LTTS.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.LTTS.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=ZglJ8LOeAfevY7wWaSximhFMAzXaMdza5QYCg-DW6SU&m=m0tZg53AVdSpgeeR7XdEbzOY71AkaJMUbebOHuWaNcs&s=ITDoVBEDZdBzmLWr1DU4PObnfIpHbzFcF0OpUPzM1Iw&e=>

L&T Technology Services Limited (LTTS) is committed to safeguard your data 
privacy. For more information to view our commitment towards data privacy under 
GDPR, please visit the privacy policy on our website 
www.Ltts.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.Ltts.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=ZglJ8LOeAfevY7wWaSximhFMAzXaMdza5QYCg-DW6SU&m=m0tZg53AVdSpgeeR7XdEbzOY71AkaJMUbebOHuWaNcs&s=7-lPq7YhOC6MQDSNYOlW5HH8T5mL7-yDv8ig8-zWjkk&e=>.
 This Email may contain confidential or privileged information for the intended 
recipient (s). If you are not the intended recipient, please do not use or 
disseminate the information, notify the sender and delete it from your system.


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#21360): https://lists.onap.org/g/onap-discuss/message/21360
Mute This Topic: https://lists.onap.org/mt/74860581/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to