Diffstat (limited to 'docs/sections/architecture.rst')
-rw-r--r-- docs/sections/architecture.rst 28
1 files changed, 19 insertions, 9 deletions
diff --git a/docs/sections/architecture.rst b/docs/sections/architecture.rst
index c70dd56d..1a5b3687 100644
--- a/docs/sections/architecture.rst
+++ b/docs/sections/architecture.rst
@@ -6,14 +6,24 @@
Architecture
============
-The micro-service called CertService is designed for requesting certificates
-signed by external Certificate Authority (CA) using CMP over HTTP protocol. It uses CMPv2 client to send and receive CMPv2 messages.
-CertService's client will be also provided so other ONAP components (aka end components) can easily get certificate from CertService.
-End component is an ONAP component (e.g. DCAE collector or controller) which requires certificate from CMPv2 server
-to protect external traffic and uses CertService's client to get it.
-CertService's client communicates with CertService via REST API over HTTPS, while CertService with CMPv2 server via CMP over HTTP.
-
-.. image:: resources/certservice_high_level.jpg
+Interaction between components
+------------------------------
+
+.. image:: resources/certservice_high_level.png
:width: 855px
- :height: 178px
+ :height: 223px
:alt: Interaction between components
+
+
+Simplified certificate enrollment flow
+--------------------------------------
+
+.. image:: resources/certService_cert_enrollment_flow.png
+ :width: 1191px
+ :height: 893px
+ :alt: Simplified certificate enrollment flow
+
+Security considerations
+-----------------------
+
+CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release. \ No newline at end of file
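Review bot: The added "Security considerations" paragraph covers only the REST API leg, while the removed introduction was the one place in this file stating that CertService talks to the CMPv2 server via "CMP over HTTP"; with that text deleted, the page no longer says how that leg is transported or protected. Suggest keeping a sentence on it in this section, or retaining a short introduction above "Interaction between components", since the Architecture section now opens with an image and no prose. In the same paragraph, "server requests client's certificate and **authenticate** only requests with trusted certificate" should read "the server requests the client's certificate and authenticates only requests that present a trusted certificate", and the sentence on authorization would be more useful if it said what an authenticated client is then allowed to do. The file also now ends without a trailing newline.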