...
Figure (Gliffy diagram): Architecture sketch

Figure (Gliffy diagram): Simplified certificate enrollment flow
...
Parameter name | Required | Syntax | Description | Validation rules |
---|---|---|---|---|
CA Name | Yes | String (1-128) | The CA name should include the name of the external CA server and the issuerDN, which is the distinguished name of the CA on the external CA server that will sign our certificate. | String (1-128); should be URL safe, as it is used by clients as a path parameter in REST calls |
URL | Yes | Scheme + IPv4/FQDN + port + path | URL of the CMPv2 server; includes mandatory parts: scheme (http://) and IPv4/FQDN, and optional parts: port and path (alias); e.g. http://127.0.0.1:8080/pkix or http://127.0.0.1/ejbca/publicweb/cmp/cmp. NOTE: If an FQDN is given, ONAP must be able to resolve it without extra manual configuration. | Must be a correct URL; must start with the http:// scheme; if a port is given, it must be in the 1-65535 range |
Issuer DN | Yes | String (4-256) | Distinguished Name of the CA that will sign the certificate on the CMPv2 server side. When an end entity is created on the external CA server in client mode, this Issuer DN is passed through as the CA that signs for that user. | String (4-256); correct DN |
CA Mode | Yes | Enum (CLIENT\|RA) | Issuer mode (either Registration Authority (RA) or client mode) | Value from the predefined set |
Authentication data::IAK | Yes | String (1-256) | Initial authentication key, used together with the RV to authenticate the request in the CMPv2 server | String (1-256) |
Authentication data::RV | Yes | String (1-256) | Reference value, used together with the IAK to authenticate the request in the CMPv2 server | String (1-256) |
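
The validation rules in the table above, applied to one CMPv2 server entry. This is an added example, not code from the project: the key names (`caName`, `url`, `issuerDN`, `caMode`, `iak`, `rv`) and the sample values are hypothetical. It also assumes "URL safe" means RFC 3986 unreserved characters and approximates "correct DN" as comma-separated `type=value` pairs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: "URL safe" = RFC 3986 unreserved characters only.
URL_SAFE = re.compile(r"[A-Za-z0-9._~-]+")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(LABEL + r"(?:\." + LABEL + r")*")
# Assumption: "correct DN" = comma-separated type=value pairs (no escaped commas).
DN_PART = re.compile(r"\s*[A-Za-z0-9][A-Za-z0-9.-]*\s*=\s*[^,=]+")
# Constructed sample entry; key names are hypothetical.
SAMPLE = {"caName": "Example_CA-1", "url": "http://127.0.0.1:8080/pkix",
          "issuerDN": "CN=ExampleCA,O=Example", "caMode": "RA",
          "iak": "constructed-iak", "rv": "constructed-rv"}

def host_ok(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:  # not IPv4: accept only a non-numeric FQDN
        numeric = host.replace(".", "").isdigit()  # e.g. 999.1.1.1
        return len(host) <= 253 and not numeric and bool(FQDN.fullmatch(host))

def url_ok(url):
    if not isinstance(url, str) or not url.startswith("http://"):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError if non-numeric or above 65535
    except ValueError:
        return False
    userinfo = parts.username or parts.password  # not part of the syntax
    return (port != 0 and not userinfo and bool(parts.hostname)
            and host_ok(parts.hostname))

def validate_cmp_server(cfg):
    """Return the names of parameters that violate a rule; [] means valid."""
    def text(key, lo, hi):  # required string within the length bounds
        return isinstance(cfg.get(key), str) and lo <= len(cfg[key]) <= hi
    rules = {
        "caName": text("caName", 1, 128) and bool(URL_SAFE.fullmatch(cfg["caName"])),
        "url": url_ok(cfg.get("url")),
        "issuerDN": text("issuerDN", 4, 256) and all(
            DN_PART.fullmatch(p) for p in cfg["issuerDN"].split(",")),
        "caMode": cfg.get("caMode") in ("CLIENT", "RA"),
        "iak": text("iak", 1, 256),
        "rv": text("rv", 1, 256),
    }
    return [key for key, ok in rules.items() if not ok]
```

Rejecting a non-URL-safe CA name at load time matters because the value is later placed in a REST path, where characters such as `/` would change which resource a client request addresses.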
...