Currently if AAI url endpoint is configured with https (and it needs to be as http request are not forwarded by the API service on AAI), the certificate verification fails on the NBI side.

Currently AAI certificates are not signed by a publiclly trusted certificate authority, so there are 2 options :

• disable certificate checking (See example of this implementation attached); this would require adding this in the pom.xml :

                 <dependency>

                        <groupId>org.apache.httpcomponents</groupId>

                        <artifactId>httpclient</artifactId>

                        <version>4.5.5</version>

                 </dependency>

• pass a customized truststore, only requires minor tuning of the implementation attached; this should be the recommended approach.

I am able to now run queries from NBI to ONAP AAI using the 1st approach as a quick way to unblock testing.

Another quick option would be to use MSB as a proxy to AAI in which case http can be used; this requires proper registration of AAI endpoint. I also validated this approach which requires no code change on NBI.

To allow for both options (direct to AAI or through MSB), https using of the 2 options above (certification checking disabled / custom truststore) should still be implemented. Otherwise the release note should enforce the use of MSB and provide the registration API.