Story #15211: separate client and server certificate

Author: mkhediri

deployment/ansible-vitamui/app_api_gateway.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.api_gateway }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_api_gateway }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_api_gateway }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_api_gateway }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_archive_search.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.archive_search }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_archive_search }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_archive_search }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_archive_search }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_collect.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.collect }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_collect }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_collect }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_collect }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_ingest.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.ingest }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_ingest }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_ingest }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_ingest }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_pastis.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.pastis }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_pastis }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_pastis }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_pastis }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_referential.yml

@@ -7,6 +7,7 @@
   vars:
     vitamui_struct: "{{ vitamui.referential }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_referential }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_referential }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_referential }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/vitamui_apps.yml

@@ -9,8 +9,8 @@
   vars:
     vitamui_struct: "{{ vitamui.security }}"
     vitamui_certificate_type: server
-    password_keystore: "{{ keystores_server_security }}"
-    password_truststore: "{{ truststores_server }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_security }}"
+    password_truststore: "{{ truststores_vitamui }}"
   tags: security
 
 # External apps
@@ -22,7 +22,8 @@
   vars:
     vitamui_struct: "{{ vitamui.iam }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_iam }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_iam }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_iam }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"
   tags: iam
@@ -36,6 +37,7 @@
   vars:
     vitamui_struct: "{{ vitamui.cas_server }}"
     vitamui_certificate_type: external
-    password_keystore: "{{ keystores_server_cas_server }}"
+    password_keystore_server: "{{ keystores_server_vitamui_services_cas_server }}"
+    password_keystore_client: "{{ keystores_client_vitamui_services_cas_server }}"
     password_truststore: "{{ truststores_client_external }}"
   tags: cas-server

deployment/pki/config/crt-config

@@ -54,8 +54,8 @@ issuerAltName                   = issuer:copy
 subjectAltName                  = ${ENV::OPENSSL_SAN}
 basicConstraints                = critical,CA:FALSE
 keyUsage                        = digitalSignature, keyEncipherment
-nsCertType                      = server, client
-extendedKeyUsage                = serverAuth, clientAuth
+nsCertType                      = server
+extendedKeyUsage                = serverAuth
 
 [ extension_client ]
 nsComment                       = "Certificat Client SSL"

deployment/pki/scripts/generate_ca.sh

@@ -12,7 +12,7 @@ set -e
 ######################################################################
 
 function get_autorities() {
-    echo "server client-external client-vitam"
+    echo "vitamui-services client-external client-vitam"
 }
 
 ######################################################################

deployment/pki/scripts/generate_ca_dev.sh

@@ -14,7 +14,7 @@ set -e
 REPERTOIRE_ROOT="$( cd "$( readlink -f $(dirname ${BASH_SOURCE[0]}) )/../../../dev-deployment" ; pwd )"
 
 function get_autorities() {
-    echo "server client-external client-vitam"
+    echo "vitamui-services client-external client-vitam"
 }
 
 ######################################################################