RESTConf collector configuration is defaulting to HTTP. All ONAP components exposing external interfaces are required to enable TLS.

      https://git.onap.org/dcaegen2/platform/blueprints/tree/blueprints/k8s-restconf.yaml

      Blueprint must be updated (enable authentication/use_tls for dynamic AAF cert) 

       

      Updated 08/25:

      There are two parts for https://jira.onap.org/browse/DCAEGEN2-2279

      • Enable TLS support as configuration for RESTConf collector
      • Update blueprint to set the default configuration to TLS enabled and include configuration for DCAE platform to distribute AAF cert 

      #1 is more specific to RESTConf collector. I do see collector.header.auth flag in configuration (https://git.onap.org/dcaegen2/collectors/restconf/tree/etc/collector.properties#n82); you would need to verify if collector can interface/function when TLS is enabled. You may look into VESCollector code for reference on how this configuration is supported.

       

      #2 – Components supporting HTTPS as server would require AAF certificates. As DCAE components are deployed via TOSCA/blueprint – this has to be specified in blueprint via configuration. In general DCAE platform mechanism of AAF cert is documented here - https://docs.onap.org/projects/onap-dcaegen2/en/frankfurt/sections/tls_enablement.html.

      When a component requires AAF cert to be distributed during instantiation – blueprint must include tls_info object (and specify the path where the certificates should be mounted into the container). The presence of this config will be used as trigger for DCAE platform to invoke DCAE-tlsinitcontainer (which retrieves the certificates dynamically).

       

       
            tls_info:
              cert_directory: '/opt/app/dcae-certificate/'
              use_tls:
                get_input: enable_tls
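
A review-time check for part #2, added here as an example (not code from the ONAP project): it takes a blueprint already parsed into a dict and reports node templates where tls_info is missing, has no cert_directory, or has use_tls resolving to something other than true. The inputs/node_templates/properties layout, the node name restconfcollector and the sample blueprints are assumptions constructed for illustration.

```python
# Added example: lint a parsed DCAE-style blueprint for the tls_info object.
# Assumed layout: inputs.<name>.default and node_templates.<node>.properties.

def resolve(value, inputs):
    """Resolve a {'get_input': name} reference to that input's default, if any."""
    if isinstance(value, dict) and "get_input" in value:
        return inputs.get(value["get_input"], {}).get("default")
    return value


def check_tls_info(blueprint):
    """Return {node_name: [findings]} for every node template with a TLS gap."""
    inputs = blueprint.get("inputs", {})
    report = {}
    for name, node in blueprint.get("node_templates", {}).items():
        findings = []
        tls_info = node.get("properties", {}).get("tls_info")
        if tls_info is None:
            # Per the ticket, the presence of tls_info is what triggers cert retrieval.
            findings.append("no tls_info: cert distribution is not triggered")
        else:
            if not resolve(tls_info.get("cert_directory"), inputs):
                findings.append("tls_info.cert_directory is not set")
            use_tls = resolve(tls_info.get("use_tls"), inputs)
            if use_tls is not True:
                findings.append(f"tls_info.use_tls resolves to {use_tls!r}, not true")
        if findings:
            report[name] = findings
    return report


def sample(enable_tls_default, with_tls_info=True):
    """Constructed sample blueprint (not the real k8s-restconf.yaml)."""
    props = {}
    if with_tls_info:
        props["tls_info"] = {
            "cert_directory": "/opt/app/dcae-certificate/",
            "use_tls": {"get_input": "enable_tls"},
        }
    return {
        "inputs": {"enable_tls": {"default": enable_tls_default}},
        "node_templates": {"restconfcollector": {"properties": props}},
    }


if __name__ == "__main__":
    for bp in (sample(False), sample(True), sample(True, with_tls_info=False)):
        print(check_tls_info(bp) or "ok")
```
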
      

            mukesh.paliwal mukesh.paliwal
            vv770d vv770d