TLS on SBI Interfaces #131
Comments
|
Hi Luis, We do not actually support setting cacert, key and cert in the helm chart values (check https://github.com/Gradiant/openverso-charts/blob/master/charts/open5gs-ausf/values.yaml). You can try to provide the full ausf configuration in the "customOpen5gsConfig" helm chart value key. Another option is, on runtime, to edit the corresponding open5gs-ausf configmap to add the 'cacert' 'key' and 'cert' and restart the pod. To check with curl you have to add the flag |
|
Oh thanks! There was progress but
i get an error of:
It is weird because when i use cat to read certificates and the key it works just fine. Can you help me on this please? |
|
Hi Luis, As Carlos said, we don't provide support for TLS, so, we don't have expertise resolving these kind of issues. Nevertheless, I think you can comment your issue in the open5gs repo, as I believe this problem is more related with the framework rather than the chart. Best regards, |
|
Ok, i was finally able to do it.
But for some reason, even after restarting all pods, the AMF and SMF are always crashing. There is also this error in every nf. Do you know what it is?
|
|
Sorry Luis, but I don't know what is the cause of your problem. I think you can put your issue in the open5gs repo and try to get better help for this. BR, |
Hi!
I am trying to configure and enable TLS in SBI interfaces. I used your project to deploy Open5GS inside a kubernetes cluster. I started by changing the config files, setting the "no_tls" value to "false".
After that i used openssl to generate the CA and create certificates to the NFs (i only created for the AUSF for now). Then i tried to move the ca.crt, ausf.key and ausf.crt to the pod container of the AUSF with the command:
kubectl cp file-spec-src file-spec-dest -c specific-container
However, i was getting erros due to permissions, and even when i tried to move to the /tmp directory, everytime i restarted the pod, the files just got deleted so it was not a solution. So i tried this, with "no_tls" as "true", so it can create the pod AND to create the certificates in the /tmp/tls directory:
and then run this command
helm upgrade --install -f open5gs.yaml open5gs openverso/open5gs -n open5gs ,
And then run it again, but with value of "false"
and then run this command again
helm upgrade --install -f open5gs.yaml open5gs openverso/open5gs -n open5gs
Now when i go into the /tmp/tls directory i see the certificates. (I checked with cat and the certificates seem all okay):
and when i look into the ausf.yaml file it looks like this
However, isn't the ausf.yaml file supposed to have the path of certificates?
Also, how can i check if tls is actually working with curl? When i executed curl commands with https i get an error:
Can someone help me on this please?
Regards,
Luís Loureiro
The text was updated successfully, but these errors were encountered: