...
- Initial VNF Certificate Enrollment
- Follows ETSI standards: SOL002, SOL003, SOL005, IFA006, IFA007.
- Two options are supported.
Option 1: PKCS#12 container can be installed on the VNF at instantiation time.
Out-of-band pre-provisioning with the CA is necessary to generate the PKCS#12 bundle before the VNF is instantiated.
- Option 2: VNF can perform certificate enrollment with a One Time Password (OTP).
The OTP, which is a Pre-Shared Key (PSK), is generated by the CA, along with a Reference Number (REFNUM) and provisioned on the VNF at instantiation.
- After instantiation, VNF performs certificate enrollment via CMPv2; VNF includes the REFNUM in the Certificate Signing Request (CSR); PSK is used to sign the CSR. See RFC4210 Appendix D.4
- Out-of-band pre-provisioning with the CA is necessary to generate the PSK and REFNUM before the VNF is instantiated. This is just one part of the larger network planning exercise that must be completed before a gNB is deployed.
Oct 5: VNF Activation with updates to remove roles/permissions and perform cert enroll after instantiation - version 20
View file | ||||
---|---|---|---|---|
|
Aug 29: VNF Activation with updates to instantiation scenario - version 18
...