X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Fsections%2Farchitecture.rst;h=1a5b368777d465ce65f81caa6df2afe13d1fe7fb;hb=0c3c68ba16c8c1953247776e48072ff7668a7b02;hp=c70dd56d02f5f14b978279e7f0baa465392b6b46;hpb=6ac2ba6380c0dc23623fe3f198613c5f0bd2941a;p=oom%2Fplatform%2Fcert-service.git diff --git a/docs/sections/architecture.rst b/docs/sections/architecture.rst index c70dd56d..1a5b3687 100644 --- a/docs/sections/architecture.rst +++ b/docs/sections/architecture.rst 
@@ -6,14 +6,24 @@ Architecture ============ -The micro-service called CertService is designed for requesting certificates -signed by external Certificate Authority (CA) using CMP over HTTP protocol. It uses CMPv2 client to send and receive CMPv2 messages. -CertService's client will be also provided so other ONAP components (aka end components) can easily get certificate from CertService. -End component is an ONAP component (e.g. DCAE collector or controller) which requires certificate from CMPv2 server -to protect external traffic and uses CertService's client to get it. -CertService's client communicates with CertService via REST API over HTTPS, while CertService with CMPv2 server via CMP over HTTP. - -.. image:: resources/certservice_high_level.jpg +Interaction between components +------------------------------ + +.. image:: resources/certservice_high_level.png :width: 855px - :height: 178px + :height: 223px :alt: Interaction between components + + +Simplified certificate enrollment flow +-------------------------------------- + +.. image:: resources/certService_cert_enrollment_flow.png + :width: 1191px + :height: 893px + :alt: Simplified certificate enrollment flow + +Security considerations +----------------------- + +CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release. \ No newline at end of file
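Review bot: The new "Security considerations" paragraph covers only the REST API leg, while the removed introduction was where this file stated that CertService talks to the CMPv2 server "via CMP over HTTP". Unless that text now lives in another section, keep one sentence on the CertService-to-CMPv2-server leg here, so the section describes both hops and readers can see which one mutual HTTPS protects. In the same paragraph, "server requests client's certificate and **authenticate** only requests" should read "the server requests the client's certificate and **authenticates** only requests with a trusted certificate". The sentence "**Authorization** isn't supported in Frankfurt release" would be more useful if it said what this means once an operator trusts client certificates beyond the default CertService client one. Both "Interaction between components" and "Simplified certificate enrollment flow" now contain only an image, so a one-line description under each heading would keep the page readable where images are not rendered. The file also ends without a trailing newline.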