aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/kuksa-val/kuksa-certificates-agl
AgeCommit message (Collapse)AuthorFilesLines
2023-11-24Ensure KUKSA.val JWT certificate gets installedScott Murray1-0/+14
Recent changes accidentally resulted in the jwt.key.pub certificate file for KUKSA.val server / databroker authorization not getting installed, breaking databroker start up. Explicitly install it from our kuksa-certificates-server-agl package, and tweak the kuksa-val recipe to package it in its kuksa-certificates-server package. Bug-AGL: SPEC-4985 Change-Id: I94703da876718524da753b6b882b331b7f088431 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl-demo/+/29469 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> ci-image-boot-test: Jenkins Job builder account Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account
2023-08-01Update certificates to include localhost and 127.0.0.1Jan-Simon Moeller6-131/+177
This updates the certificates to have subjectAltName defined as subjectAltName=DNS:$1,DNS:localhost,IP:127.0.0.1 It allows clients from the localhost to connect. We're debating if we need the IP:127.0.0.1 going forward, so this might change in the future. Bug-AGL: SPEC-4868 Change-Id: Ic6bbf5fd55b9f6a14a84512ae8748b3f48dbc3c1 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-04-27kuksa-certificates-agl: Update certificatesScott Murray4-94/+94
Update the server and client certificates with ones with a 2 year validity period, per the discussion on last week's developer call. Bug-AGL: SPEC-4763 Change-Id: Ib326631243cd267cc6542fdfc769cc5a3d6b67fe Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-04-27kuksa-val: Rework to support updated SSL certificatesScott Murray5-0/+137
Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray <scott.murray@konsulko.com>