Chapter 1. General Design

Table of Contents

1. Basic Hierarchy
2. Interfaces
2.1. Node
2.2. CA
2.3. RA
2.4. LDAP
2.5. Pub
3. Configuration
4. Database
5. Interface
6. Life cycle of the objects
7. Sub-Ca
7.1. Example 1
7.2. Example 2

We start here from scratch to give everybody a chance to understand how OpenCA works. So if you think the people writing this are boring, please bear in mind that OpenCA novices must also have a chance to understand the software.

1. Basic Hierarchy

The basic idea of every X.509 PKI (Public Key Infrastructure) is a strong hierarchical organization. This results in a tree of databases if we try to create a distributed PKI architecture.

Figure 1.1. Database oriented view

This is a storage oriented view of a PKI.
The data exchange between such isolated databases can be handled automatically if you use a distributed database system, but in the sense of OpenCA such a distributed database system is only one database in our tree. If you really have an isolated database (e.g. for an Offline CA), then you need a mechanism for the data exchange and for the management of the complete node in the hierarchy. This management functionality is bundled in an interface called node or node management. Hence the design of OpenCA looks as follows:

Figure 1.2. Logical data view

This is a storage oriented view of the information flow in a PKI.

Normally every server in the infrastructure of the trustcenter has its own database for security reasons. This hierarchy is the backbone of the trustcenter.