OrgGo
/
Mainflux.mainflux
mirror of https://github.com/mainflux/mainflux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Mainflux.mainflux/certs/README.md

28 lines
1.5 KiB
Markdown
Raw Normal View History

update certs docs (#1227) Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-08-07 23:35:11 +08:00
# Certs Service
NOISSUE - Sync Env Veriables With Docker Deployment (#1841) * Initial Commit: Sync Env Veriables With Docker Deployment Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Sync Env Vars With Master Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Altprefix Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename HttpPort to HTTPPort Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix envPrefixDB After Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Server Parse Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Provision For TLS on CoAP Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Exit After Defer Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Unused Function Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Document Undocumentated Env Variables Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Co-authored-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
2023-07-31 20:38:35 +08:00
MF-1179 - Add a certificate service and certs endpoint to SDK (#1188) * adding certificate issuing Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding cert endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix env vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add volumes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix merge config for int Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove env Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix error handling Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert test, change receiver to pointer Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix var naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * correct error naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding certs service Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change func receiever Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default cert issue method Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add config Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some testing code Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert issue Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api client Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * additional endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add swagger for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove certs from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * clean provision from certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add list certificates endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api in vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add revoke, fix bugs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix sdk for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove CA for signing from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docker file for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix mock sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add line Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix RevokeCert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam ENV Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove tests temporarily Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove not needed envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli, var rename Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix reviews, add viewcert, fix view all certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove view cert, as it will be retrieved from PKI Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default env val Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix revoking Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused field Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki, update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove methods, use fields Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-07-21 18:53:21 +08:00
Issues certificates for things. `Certs` service can create certificates to be used when `Mainflux` is deployed to support mTLS.
NOISSUE - Remove Development Mode on Certs Creation (#1908) * Fix certificate creation in development mode This commit removes certificate creation in development mode. Previously, the `MF_CERTS_VAULT_HOST` environment variable was not being properly checked, resulting in incorrect behavior when issuing certificates. This commit ensures that the correct mode is set based on the value of `MF_CERTS_VAULT_HOST`. Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> * Fix certificate revocation in README.md The README.md file has been updated to clarify the process of revoking certificates. The previous instructions were incorrect, and the correct method is now provided. The certificates can be revoked using the `certs` service by providing the `thing_id` of the thing for which the certificate was issued. ``` curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}' ``` Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> --------- Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
2023-10-18 17:48:47 +08:00
Certificate service can create certificates using PKI mode - where certificates issued by PKI, when you deploy `Vault` as PKI certificate management `cert` service will proxy requests to `Vault` previously checking access rights and saving info on successfully created certificate.
MF-1179 - Add a certificate service and certs endpoint to SDK (#1188) * adding certificate issuing Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding cert endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix env vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add volumes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix merge config for int Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove env Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix error handling Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert test, change receiver to pointer Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix var naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * correct error naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding certs service Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change func receiever Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default cert issue method Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add config Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some testing code Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert issue Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api client Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * additional endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add swagger for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove certs from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * clean provision from certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add list certificates endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api in vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add revoke, fix bugs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix sdk for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove CA for signing from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docker file for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix mock sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add line Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix RevokeCert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam ENV Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove tests temporarily Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove not needed envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli, var rename Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix reviews, add viewcert, fix view all certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove view cert, as it will be retrieved from PKI Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default env val Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix revoking Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused field Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki, update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove methods, use fields Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-07-21 18:53:21 +08:00
update certs docs (#1227) Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-08-07 23:35:11 +08:00
## PKI mode
When `MF_CERTS_VAULT_HOST` is set it is presumed that `Vault` is installed and `certs` service will issue certificates using `Vault` API.
NOISSUE - Add view and list serials endpoints in certs service (#1483) * NOISSUE - Add view and list serials endpoints in certs service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix vault-unseal.sh script Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename Cert field days_valid into hours_valid Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix provision service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use ownerID, rename daysValid -> hoursValid Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add key_type to api Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix tabulation Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add expiration date in view response Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename HoursValid -> Expiration and remove unecessary expiration convertion Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add ListSerials tests and fix mocks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix RetrieveByThing count Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add ViewCert tests Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add missing error check Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify API Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Revert Makefile Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * NOISSUE - Add view and list serials endpoints in certs service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix vault-unseal.sh script Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename Cert field days_valid into hours_valid Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix provision service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use ownerID, rename daysValid -> hoursValid Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add key_type to api Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix tabulation Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add expiration date in view response Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename HoursValid -> Expiration and remove unecessary expiration convertion Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add ListSerials tests and fix mocks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix RetrieveByThing count Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add ViewCert tests Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add missing error check Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify API Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Revert Makefile Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rm if else Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename HoursValid -> TTL Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * revert typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * revert typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename hoursValid -> ttl Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
2022-01-05 02:42:13 +08:00
First you'll need to set up `Vault`.
update certs docs (#1227) Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-08-07 23:35:11 +08:00
To setup `Vault` follow steps in [Build Your Own Certificate Authority (CA)](https://learn.hashicorp.com/tutorials/vault/pki-engine).
To setup certs service with `Vault` following environment variables must be set:
NOISSUE - Remove Development Mode on Certs Creation (#1908) * Fix certificate creation in development mode This commit removes certificate creation in development mode. Previously, the `MF_CERTS_VAULT_HOST` environment variable was not being properly checked, resulting in incorrect behavior when issuing certificates. This commit ensures that the correct mode is set based on the value of `MF_CERTS_VAULT_HOST`. Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> * Fix certificate revocation in README.md The README.md file has been updated to clarify the process of revoking certificates. The previous instructions were incorrect, and the correct method is now provided. The certificates can be revoked using the `certs` service by providing the `thing_id` of the thing for which the certificate was issued. ``` curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}' ``` Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> --------- Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
2023-10-18 17:48:47 +08:00
```bash
update certs docs (#1227) Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-08-07 23:35:11 +08:00
MF_CERTS_VAULT_HOST=vault-domain.com
MF_CERTS_VAULT_PKI_PATH=<vault_pki_path>
MF_CERTS_VAULT_ROLE=<vault_role>
MF_CERTS_VAULT_TOKEN=<vault_acces_token>
```
For lab purposes you can use docker-compose and script for setting up PKI in [https://github.com/mteodor/vault](https://github.com/mteodor/vault)
NOISSUE - Remove Development Mode on Certs Creation (#1908) * Fix certificate creation in development mode This commit removes certificate creation in development mode. Previously, the `MF_CERTS_VAULT_HOST` environment variable was not being properly checked, resulting in incorrect behavior when issuing certificates. This commit ensures that the correct mode is set based on the value of `MF_CERTS_VAULT_HOST`. Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> * Fix certificate revocation in README.md The README.md file has been updated to clarify the process of revoking certificates. The previous instructions were incorrect, and the correct method is now provided. The certificates can be revoked using the `certs` service by providing the `thing_id` of the thing for which the certificate was issued. ``` curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}' ``` Signed-off-by: Rodney Osodo <socials@rodneyosodo.com> --------- Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
2023-10-18 17:48:47 +08:00
The certificates can also be revoked using `certs` service. To revoke a certificate you need to provide `thing_id` of the thing for which the certificate was issued.
update certs docs (#1227) Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2020-08-07 23:35:11 +08:00
```bash
MF-512 - Change service default ports (#1737) * Change service Default ports Updated ports: - auth http 9000 - auth grpc 7000 - provision http 9001 - things http 9002 - things auth http 9003 - things auth grpc 7001 - twins http 9004 - users http 9005 - bootstrap http 9006 - cassandra-reader http 9007 - cassandra-writer http 9008 - influxdb-reader http 9009 - influxdb-writer http 9010 - lora http 9011 - mongodb reader http 9012 - mongodb writer http 9013 - postgres-reader http 9014 - postgrs-writer http 9015 - smpp-notifier http 9016 - smtp-notifier http 9017 - timescale-reader http 9018 - timescale-writer http 9019 Signed-off-by: SammyOina <sammyoina@gmail.com> * change default service ports on env and sh Signed-off-by: SammyOina <sammyoina@gmail.com> * change things url default port Signed-off-by: SammyOina <sammyoina@gmail.com> * change default ports order by importance - auth http 9000 - auth grpc 7000 - things http 9001 - things auth http 9002 - things auth grpc 7001 - users http 9003 - cassandra-reader http 9004 - cassandra-writer http 9005 - influxdb-reader http 9006 - influxdb-writer http 9007 - mongodb reader http 9008 - mongodb writer http 9009 - postgres-reader http 9010 - postgres-writer http 9011 - timescale-reader http 9012 - timescale-writer http 9013 - bootstrap http 9014 - smpp-notifier http 9015 - smtp-notifier http 9016 - provision http 9017 - lora http 9018 - twins http 9019 Signed-off-by: SammyOina <sammyoina@gmail.com> * lower port number in auth service Signed-off-by: SammyOina <sammyoina@gmail.com> * change things and users port - things 9000 - things auth 9001 - things auth grpc 7000 - users 9002 Signed-off-by: SammyOina <sammyoina@gmail.com> * update documentaton to new port numbers Signed-off-by: SammyOina <sammyoina@gmail.com> * update test and metrics Signed-off-by: SammyOina <sammyoina@gmail.com> * update host on metrics Signed-off-by: SammyOina <sammyoina@gmail.com> * resolving conflics Signed-off-by: SammyOina <sammyoina@gmail.com> * set http adapter port to :80 Signed-off-by: SammyOina <sammyoina@gmail.com> * reassign http port on metrics to :80 Signed-off-by: SammyOina <sammyoina@gmail.com> * reassign http adapter port Signed-off-by: SammyOina <sammyoina@gmail.com> * set http adapter port to 8008 Signed-off-by: SammyOina <sammyoina@gmail.com> * document http adapter default port Signed-off-by: SammyOina <sammyoina@gmail.com> --------- Signed-off-by: SammyOina <sammyoina@gmail.com>
2023-03-24 04:55:11 +08:00
curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
NOISSUE - Fix certs and vault deployment, reorganize and remove unnecessary vars (#1368) * remove owner id Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix certs, fix scripts, reorganize env vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * set pki path vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs mock Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove not wanted changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update readme Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * correct rsa_bits to key_bits Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix tabulation Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * hardcode vault version Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add env desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam variables Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * use Mainflux Labs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * replace BG with Belgrade Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2021-03-02 19:20:52 +08:00
```