Hi, Please note that you are not obliged to rebundle the clamp jar, the trustore / keystore can be provided externally, and you can specify the location by overriding the values of the application.properties (like server.ssl.trust-store=file:/mylocation/clds/aaf/truststoreONAPall.jks https://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src/main/resources/application.properties;h=534dc4818655eb69607d40fc9e4acb7483ea4b17;hb=refs/heads/dublin This can be done in the OOM config by editing the SPRING_APPLICATION_JSON env var in the values.yaml of the backend.
Seb From: Vivekanandan Muthukrishnan <[email protected]> Sent: 15 March 2021 07:24 To: [email protected]; HERNANDEZ-HERRERO, JORGE <[email protected]>; Determe, Sebastien <[email protected]> Cc: Sai Lakshmi Cheedella <[email protected]> Subject: Re: [onap-discuss] CLAMP org.onap.clamp.p12 certifcate expired Hi Sebastien/Jorge, Thanks for your support. We had to do the following to resolve the SSL PKI exception in Dublin CLAMP. This is due to the trust-store file (truststoreONAPall.jks) bundled within the CLAMP aap.jar. 1. Patched Policy PAP & PDP pods with latest SSL certificates 2. Included the Policy PAP SSL certificate into CLAMP trust-store file ~/clamp/src/main/resources/clds/aaf/truststoreONAPall.jks 3. Rebuild the CLAMP docker image 4. Patched the Dublin CLAMP helm charts to ~/oom/kubernetes/clamp/values.yaml use the new version of the image We really appreciate your help. Thanks & Regards Vivek On Thu, Mar 11, 2021 at 8:05 PM Jorge Hernandez <[email protected]<mailto:[email protected]>> wrote: Sai, This error is more than likely being related to the expired dmaap certificates. Unfortunately, I don't have a good procedure to replace them. Being in Dublin, I think you're going to be running into a cascade of certificate expiration issues for multiple components. Good luck, Jorge -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23000): https://lists.onap.org/g/onap-discuss/message/23000 Mute This Topic: https://lists.onap.org/mt/80727245/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
