Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

DESCRIPTION

Certificate Management Protocol version 2 (CMPv2) is an Internet protocol used for obtaining X.509 digital certificates

  • Defined in RFC 4210
  • Updated by RFC 6712 (CMP over HTTP)

CMPv2 specifies following features:

  • Certificate enrollment
  • Certificate update
  • Own certificate revocation
  • Cross certification request
  • Key pair recovery

CMPv2 support in ONAP consists of 2 components:

  • CertService (server)
  • CertService client

A single CertService (server) instance is expected to be deployed, and CertService client(s) are expected to be used as init containers within Pods of certain ONAP Bordering components

For testing/validation purpose open source CMPv2 server (EJBCA) is provided. Cert-Manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair or self signed. It ensures certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.

Together with ONAP Honolulu, plugin for Cert-Manager (officially called CMPv2 external issuer) is deployed which extends Cert-Manager with the ability to enroll certificates using CMPv2 protocol

DCAE collectors (VES, HV-VES (RTPM use case) && DFC (BulkPM use case) and SDNC (NetConf over TLS use case) are able to acquire certificate from CMPv2 server. The same CMPv2 message (Initialization Request (IR)) is used currently in ONAP to get and update certificate. This is not inline with RFC and will be addressed in Istanbul release


ROADMAP - Use Case Evolution per Release

The following table links to the development for this use case in a particular release:

RELEASELink to Use Case
R1 AmsterdamUse Case did not Exist

R2 Beijing

Use Case did not Exist
R3 CasablancaUse Case did not Exist
R4 DublinUse Case did not Exist
R5 El AltoMaintenance Release
R6 FrankfurtUse Case did not Exist
R7 GuilinR7 Certificate Management Protocol (CMPv2)
R8 HonoluluR8 Certificate Management Protocol
R9 IstanbulR9 CMP v2
R10 JakartaNo New Development

PRIOR BASE PAGE

If a Prior "Base page" exists for this Use Case you can use it instead of this page or link to it.

KEY LINKS & KEY INFORMATION

The following table shows some Key Links and Key Information for this Use Case:

TopicDescription
Key Use Case Leads
Pawel Baniewski
Key Use Case Contacts
Meetings Register & RecordingsN/A


OVERVIEW SLIDES & PRESENTATIONS/DEMOS:

This table has overview slides of the Use Case and presentations or demos

TopicDescription
Overview Slides

Overview Presentation

Demo
  • No labels