We start from scratch here to give everybody a chance to understand how OpenCA
works. So if you think of us as the boring guys who wrote this, please keep in
mind that OpenCA novices must also have a chance to understand the software.

The basic idea of every X.509 PKI (Public Key Infrastructure) is a strongly
hierarchical organization. This results in a tree of databases if we try to
create a distributed PKI architecture.

The data exchange between such isolated databases can be handled
automatically if you use a distributed database system, but in the sense of
OpenCA such a distributed database system is only one database in our tree.
If you have a truly isolated database (e.g. for an Offline CA), then you must
have a technology for the data exchange and for the management of the complete
node in the hierarchy. These management functions are bundled in an
interface called node or node management. So the design of
OpenCA looks as follows:

Normally every server in the infrastructure of the trust center has its own
database for security reasons. This hierarchy is the backbone of the
trust center.