Chapter 1. General Design

Table of Contents

1. Basic Hierarchy
2. Interfaces
2.1. Node
2.2. CA
2.3. RA
2.4. LDAP
2.5. Pub
3. Configuration
4. Database
5. Interface
6. Lifecycle of the objects
7. Sub-Ca
7.1. Example 1
7.2. Example 2

We start here from scratch to give everybody a chance to understand how OpenCA works. So if you think about these boring guys who write this, please bear in mind that OpenCA novices must also have a chance to understand the software.

1. Basic Hierarchy

The basic idea of every X.509 PKI (Public Key Infrastructure) is a strong hierarchical organization. This results in a tree of databases if we try to create a distributed PKI architecture.

Figure 1.1. Database oriented view

This is a storage oriented view of a PKI.
The data exchange between such isolated databases can be handled automatically if you use a distributed database system, but in the sense of OpenCA such a distributed database system is only one database in our tree. If you have really isolated databases (e.g. for an Offline CA) then you must have a technology for the data exchange and for the management of the complete node in the hierarchy. These management functions are bundled in an interface called node or node management. So the design of OpenCA looks as follows:

Figure 1.2. Logical data view

This is a storage oriented view of the information flow in a PKI.

Normally every server in the infrastructure of the trustcenter has its own database for security reasons. This hierarchy is the backbone of the trustcenter.