Chapter 1. General Design
We start here from scratch to give everybody a chance to understand how OpenCA
works. So if you find the authors of this chapter boring, please bear in
mind that OpenCA novices must also have a chance to understand the software.
The basic idea of every X.509 PKI (Public Key Infrastructure) is a
strong hierarchical organization. If we build a distributed PKI
architecture on top of it, the result is a tree of databases.
The data exchange between such isolated databases can be handled
automatically if you use a distributed database system, but in the
OpenCA model such a distributed database system still counts as only one
database in the tree. If you really have an isolated database (e.g. for an
Offline CA), then you need a mechanism for the data exchange and for
the management of the complete node in the hierarchy. This management
functionality is bundled in an interface called node or node
management. Hence the design of OpenCA looks as follows
Normally every server in the infrastructure of the trustcenter has its own
database, so that the nodes stay isolated from each other (the Offline CA
being the extreme case). This hierarchy is the backbone of the trustcenter.
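To make the node-to-node data flow described above concrete, the following is an added illustration and not OpenCA's own code: a minimal model of a two-level hierarchy in which every node owns an isolated store and data moves between nodes only through explicit export/import bundles, as it must when the CA is offline. The record layout, the bundle format and the SHA-256 transfer check are assumptions made for this example; they do not describe OpenCA's real database schema or node-management interface.

```python
"""Toy model of an OpenCA-style hierarchy (illustration only, not OpenCA code).

Each node keeps its own isolated store.  Requests travel up to the CA and
certificates travel back down, but only as explicit bundles that an operator
carries between the nodes (e.g. on removable media for an Offline CA).
"""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Node:
    """One node of the trust-centre hierarchy with its own isolated store."""
    name: str
    parent: "Node | None" = None
    children: list = field(default_factory=list)
    # Assumed layout for this example:
    #   requests: id     -> {"subject": str, "state": "pending" | "issued"}
    #   certs:    serial -> {"subject": str, "issuer": str, "request": id}
    store: dict = field(default_factory=lambda: {"requests": {}, "certs": {}})

    def add_child(self, child: "Node") -> "Node":
        child.parent = self
        self.children.append(child)
        return child


def submit_request(ra: Node, req_id: str, subject: str) -> None:
    """An online RA records a request in its own database only."""
    ra.store["requests"][req_id] = {"subject": subject, "state": "pending"}


def issue_pending(ca: Node) -> int:
    """The CA issues a certificate for every pending request it has imported."""
    issued = 0
    for req_id, req in ca.store["requests"].items():
        if req["state"] == "pending":
            serial = str(len(ca.store["certs"]) + 1)  # toy serial, not realistic
            ca.store["certs"][serial] = {
                "subject": req["subject"], "issuer": ca.name, "request": req_id}
            req["state"] = "issued"
            issued += 1
    return issued


def export_bundle(node: Node, kind: str) -> str:
    """Serialise one table of the node's store for transfer to another node.

    The SHA-256 digest only detects damage or tampering of the carried file;
    it is an assumption of this illustration, not an authentication step."""
    payload = json.dumps(
        {"from": node.name, "kind": kind, "items": node.store[kind]}, sort_keys=True)
    digest = hashlib.sha256(payload.encode()).hexdigest()
    return json.dumps({"payload": payload, "sha256": digest})


def import_bundle(node: Node, bundle: str) -> int:
    """Verify the transferred bundle and merge its items into the node's store."""
    outer = json.loads(bundle)
    if hashlib.sha256(outer["payload"].encode()).hexdigest() != outer["sha256"]:
        raise ValueError("bundle damaged or tampered in transit")
    inner = json.loads(outer["payload"])
    node.store[inner["kind"]].update(inner["items"])
    if inner["kind"] == "certs":
        # A certificate coming back closes the matching request at this node.
        for cert in inner["items"].values():
            req = node.store["requests"].get(cert["request"])
            if req is not None:
                req["state"] = "issued"
    return len(inner["items"])


def round_trip():
    """Full cycle: request at the online RA, issuance at the Offline CA, cert back."""
    ca = Node("offline-ca")
    ra = ca.add_child(Node("online-ra"))
    submit_request(ra, "req-1", "CN=alice")
    import_bundle(ca, export_bundle(ra, "requests"))  # medium carried to the CA
    issue_pending(ca)
    import_bundle(ra, export_bundle(ca, "certs"))     # medium carried back
    return ca, ra


if __name__ == "__main__":
    ca, ra = round_trip()
    print("RA view:", ra.store)
    print("CA view:", ca.store)
```

Note that the two stores never share state: the RA learns about the issued certificate only because an operator imported the CA's export, which is exactly the step the node-management interface has to cover for an isolated database.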