Diffstat (limited to 'docs/sections/architecture.rst')
-rw-r--r-- | docs/sections/architecture.rst | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/docs/sections/architecture.rst b/docs/sections/architecture.rst index c70dd56d..1a5b3687 100644 --- a/docs/sections/architecture.rst +++ b/docs/sections/architecture.rst @@ -6,14 +6,24 @@ Architecture ============ -The micro-service called CertService is designed for requesting certificates -signed by external Certificate Authority (CA) using CMP over HTTP protocol. It uses CMPv2 client to send and receive CMPv2 messages. -CertService's client will be also provided so other ONAP components (aka end components) can easily get certificate from CertService. -End component is an ONAP component (e.g. DCAE collector or controller) which requires certificate from CMPv2 server -to protect external traffic and uses CertService's client to get it. -CertService's client communicates with CertService via REST API over HTTPS, while CertService with CMPv2 server via CMP over HTTP. - -.. image:: resources/certservice_high_level.jpg +Interaction between components +------------------------------ + +.. image:: resources/certservice_high_level.png :width: 855px - :height: 178px + :height: 223px :alt: Interaction between components + + +Simplified certificate enrollment flow +-------------------------------------- + +.. image:: resources/certService_cert_enrollment_flow.png + :width: 1191px + :height: 893px + :alt: Simplified certificate enrollment flow + +Security considerations +----------------------- + +CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release.
\ No newline at end of file |
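Review bot: In the added "Security considerations" paragraph, the sentence "server requests client's certificate and **authenticate** only requests with trusted certificate" is ungrammatical and leaves the trust decision vague. Suggest "the server requests the client's certificate and authenticates only requests that present a trusted certificate", and state what makes a certificate trusted after the default installation. The closing sentence, "**Authorization** isn't supported in Frankfurt release", should spell out the consequence for operators: every caller that presents a trusted certificate is treated the same by the REST API. The removed introduction was also the only prose saying that the client talks to CertService via REST API over HTTPS while CertService talks to the CMPv2 server via CMP over HTTP. Unless that text now lives in another section, keep a sentence on the transport used on each leg here, since the two images carry only titles as alt text. Finally, the file now ends without a trailing newline; add one.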