author: Aleksandra Maciaga <aleksandra.maciaga@nokia.com> 2020-05-06 15:19:19 +0200
committer: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> 2020-05-08 10:09:56 +0200
commit: 0c3c68ba16c8c1953247776e48072ff7668a7b02
tree: d6f43bbd8aaa5e281db2da446cdf5a584c28eaf2 /docs/sections/architecture.rst
parent: 2639149f7f97ebf1c703b23d1aed17dad628bd64
Update CertService Introduction Documentation
Issue-ID: AAF-1091
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com>
Change-Id: Ica4596e08648b49782316be48769395223a15397
Diffstat (limited to 'docs/sections/architecture.rst')
-rw-r--r-- docs/sections/architecture.rst 28
1 files changed, 19 insertions, 9 deletions
diff --git a/docs/sections/architecture.rst b/docs/sections/architecture.rst
index c70dd56d..1a5b3687 100644
--- a/docs/sections/architecture.rst
+++ b/docs/sections/architecture.rst
@@ -6,14 +6,24 @@
Architecture
============
-The micro-service called CertService is designed for requesting certificates
-signed by external Certificate Authority (CA) using CMP over HTTP protocol. It uses CMPv2 client to send and receive CMPv2 messages.
-CertService's client will be also provided so other ONAP components (aka end components) can easily get certificate from CertService.
-End component is an ONAP component (e.g. DCAE collector or controller) which requires certificate from CMPv2 server
-to protect external traffic and uses CertService's client to get it.
-CertService's client communicates with CertService via REST API over HTTPS, while CertService with CMPv2 server via CMP over HTTP.
-
-.. image:: resources/certservice_high_level.jpg
+Interaction between components
+------------------------------
+
+.. image:: resources/certservice_high_level.png
:width: 855px
- :height: 178px
+ :height: 223px
:alt: Interaction between components
+
+
+Simplified certificate enrollment flow
+--------------------------------------
+
+.. image:: resources/certService_cert_enrollment_flow.png
+ :width: 1191px
+ :height: 893px
+ :alt: Simplified certificate enrollment flow
+
+Security considerations
+-----------------------
+
+CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release. \ No newline at end of file
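Review bot: The new "Security considerations" paragraph (the last added line) covers only the REST leg between CertService's client and CertService, while the removed introduction was the only text in this file stating that CertService talks to the CMPv2 server "via CMP over HTTP". Please say in this section how that second leg is protected, or link to the page the introduction moved to, so the security picture in the architecture document is complete. Because the paragraph states that authorization isn't supported, it would also help to spell out the consequence for operators, namely whether every client presenting a trusted certificate can call the whole API. Minor points on the same line: "server requests client's certificate and **authenticate** only requests" should read "authenticates", the long line is not wrapped like the rest of the file, and the file now ends without a trailing newline.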