Hi All, I wanted to share some positive developments regarding the AAI SSL issues related to the AAF certificate expiry. We have successfully devised a workaround that has shown promising results, especially during testing over the *Kohn* release and on our own setup.
We removed the AAI cert initializer dependency with the AAF, and we managed to restore full functionality. This workaround was meticulously tested and validated, and it holds potential for addressing similar challenges across other ONAP components. For a comprehensive understanding of the workaround, I encourage you to refer to the attached PDF document detailing the AAI certificate generation process. Additionally, the archive files contain Helm chart changes diff files that offer further insights into the implementation. I'd like to highlight that while this workaround proved effective, it's important to recognize that it's not a permanent solution. As such, these changes were not pushed into the Gerrit at this time. Thanks & Regards Vivek - Aarna Networks Inc On Tue, Aug 29, 2023 at 4:55 PM Andreas Geissler < [email protected]> wrote: > Hi, > I also tried now to renew CA, intermediateCA using instructions from the > AAF page: > https://wiki.onap.org/display/DW/Bootstrapping+AAF+Components > > I exchanged in my labs the cert-wrapper files > https://git.onap.org/oom/tree/kubernetes/common/cert-wrapper/resources?h=kohn > : > truststoreONAP.p12.b64 > <https://git.onap.org/oom/tree/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64?h=kohn> > truststoreONAPall.jks.b64 > <https://git.onap.org/oom/tree/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64?h=kohn> > > > > - mounted the files in the AAF templates ( > https://git.onap.org/oom/tree/kubernetes/aaf/components/aaf-templates/templates?h=kohn&id=599764901bdf353c358be66fca47a41f3382b56e > ) > - restarted the AAF. > > But nothing changed…still showing the same error > > Best regards > > Andreas > > > > *Von:* [email protected] <[email protected]> *Im > Auftrag von *Paulo Duarte > *Gesendet:* Montag, 28. August 2023 20:19 > *An:* Raghu <[email protected]>; [email protected] > *Betreff:* Re: [onap-discuss] /!\ certificates retrieval failed #aaf #sdc > #x509 > > > > Hello, > > Facing same issue here. Does anybody found an workaround or a way to renew > the certificate? > > Thanks, > Paulo > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#24538): https://lists.onap.org/g/onap-discuss/message/24538 Mute This Topic: https://lists.onap.org/mt/100888379/21656 Mute #aaf:https://lists.onap.org/g/onap-discuss/mutehashtag/aaf Mute #sdc:https://lists.onap.org/g/onap-discuss/mutehashtag/sdc Mute #x509:https://lists.onap.org/g/onap-discuss/mutehashtag/x509 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
aai-commons-helm-chart-diff-files.tgz
Description: application/compressed-tar
ONAP-Kohn-AAI-AAF-Certificate-Workaround-Steps.pdf
Description: Adobe PDF document
aai-keystore-helm-chart-files.tgz
Description: application/compressed-tar
