We start here from scratch to give everybody a chance to understand how OpenCA works. So if you think that the guys who wrote this are boring, please keep in mind that OpenCA novices must also have a chance to understand the software.
The basic idea of every X.509 PKI (Public Key Infrastructure) is a strongly hierarchical organization. If we try to create a distributed PKI architecture, this results in a tree of databases.
The data exchange between such isolated databases can be handled automatically if you use a distributed database system, but in the sense of OpenCA such a distributed database system is only one database in our tree. If you really have an isolated database (e.g. for an offline CA), then you must have the technology for the data exchange and for the management of the complete node in the hierarchy. This management functionality is bundled in an interface called node or node management. Hence the design of OpenCA looks as follows:
Normally every server in the infrastructure of the trustcenter has its own database for security reasons. This hierarchy is the backbone of the trustcenter.