Certificate Validation Long Term Proposal
Portal user interface can include an Application Authorization user interface with a box similar to that for VID, SDC etc. There can be another another box like the boxes in picture below. This can be quite basic, initially it may only allow a user to upload a certificate file in some specified format eg. DER, PEM.
The Portal application may be the only user authorized to use the AAF interface https://aaf.onap.org/issuer-certificate. There may be many suitable protocols for the AAF endpoints discussed here. HTTP is just an option. AAF stores certificates it receives from Portal on this authenticated and authorized interface.
AAF also provides an interface to components to validate certificates. The initial use case is SDC validating a certificate delivered with a PNF package from a PNF vendor. SDC would send a request to https://aaf.onap.org/valid-certificate-check with the certificate to check in the request body. AAF would validate this certificate. The certificate contains a signature from an issuer which can be verified if AAF has the issuer certificate.