Certificate Management Protocol (CMPv2) Base Use Case Page
- Benjamin Cheung
DESCRIPTION
Certificate Management Protocol version 2 (CMPv2) is an Internet protocol used for obtaining X.509 digital certificates
Defined in RFC 4210
Updated by RFC 6712 (CMP over HTTP)
CMPv2 specifies following features:
Certificate enrollment
Certificate update
Own certificate revocation
Cross certification request
Key pair recovery
CMPv2 support in ONAP consists of 2 components:
CertService (server)
CertService client
A single CertService (server) instance is expected to be deployed, and CertService client(s) are expected to be used as init containers within Pods of certain ONAP Bordering components
For testing/validation purpose open source CMPv2 server (EJBCA) is provided. Cert-Manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair or self signed. It ensures certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
Together with ONAP Honolulu, plugin for Cert-Manager (officially called CMPv2 external issuer) is deployed which extends Cert-Manager with the ability to enroll certificates using CMPv2 protocol
DCAE collectors (VES, HV-VES (RTPM use case) && DFC (BulkPM use case) and SDNC (NetConf over TLS use case) are able to acquire certificate from CMPv2 server. The same CMPv2 message (Initialization Request (IR)) is used currently in ONAP to get and update certificate. This is not inline with RFC and will be addressed in Istanbul release
ROADMAP - Use Case Evolution per Release
The following table links to the development for this use case in a particular release:
RELEASE | Link to Use Case |
|---|---|
R1 Amsterdam | Use Case did not Exist |
R2 Beijing | Use Case did not Exist |
R3 Casablanca | Use Case did not Exist |
R4 Dublin | Use Case did not Exist |
R5 El Alto | Maintenance Release (no Use Case work) |
R6 Frankfurt | Use Case did not Exist |
R7 Guilin | |
R8 Honolulu | |
R9 Istanbul | |
R10 Jakarta | No New Development |
PRIOR BASE PAGE
If a Prior "Base page" exists for this Use Case you can use it instead of this page or link to it.
KEY LINKS & KEY INFORMATION
The following table shows some Key Links and Key Information for this Use Case:
Topic | Description |
|---|---|
Key Use Case Leads | @Pawel Baniewski |
Key Use Case Contacts | @Pawel Baniewski @damian.nowak |
Meetings Register & Recordings | N/A |
OVERVIEW SLIDES & PRESENTATIONS/DEMOS:
This table has overview slides of the Use Case and presentations or demos
Topic | Description |
|---|---|
Overview Slides | |
Overview Presentation | |
Demo |