1.1 Overview

OCCM integrates with one or more Certificate Authorities (CAs) using Certificate Management Protocol Version 2 (CMPv2), as specified in RFC 4210, to facilitate these certificate management operations:

  • Operator-initiated certificate creation
  • Operator-initiated certificate recreation
  • Automatic certificate monitoring and renewal

Figure 1-1 OCCM Integration with CA


CMPv2 Message Authentication

OCCM supports transport of CMPv2 messages over an HTTP-based protocol.

OCCM provides the following mechanisms to establish initial trust between OCCM and CA(s):
  1. Certificate-based message signing
  2. Pre-shared key or MAC-based authentication

All subsequent CMPv2 procedures are authenticated using the certificate-based mechanism in compliance with 3GPP TS 33.310.

The keys and X.509 certificates are managed using Kubernetes secrets.
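
The following is an added example, not OCCM code: it shows how a pre-shared key protects a CMPv2 message using the PasswordBasedMac construction from RFC 4210 section 5.1.3.1, and how a receiver checks it. It assumes that MAC-based initial trust uses this construction; the policy limits, sample secret, salt, and message bytes are constructed for illustration.

```python
import hashlib
import hmac

# Example receiver policy (assumed values, not OCCM settings): reject weak
# parameters and cap the work an unauthenticated sender can force on us.
MIN_ITERATIONS, MAX_ITERATIONS, MIN_SALT_LEN = 1000, 100_000, 16


def pbm_key(secret: bytes, salt: bytes, iterations: int, owf: str = "sha256") -> bytes:
    """BASEKEY: the OWF applied `iterations` times, starting from secret || salt."""
    if iterations < 1:
        raise ValueError("iterationCount must be >= 1")
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_protect(secret, salt, iterations, protected_part, owf="sha256"):
    """HMAC over the DER-encoded ProtectedPart (PKIHeader + PKIBody).

    Simplification: the same hash is used for the OWF and for the HMAC.
    """
    return hmac.new(pbm_key(secret, salt, iterations, owf), protected_part, owf).digest()


def pbm_verify(secret, salt, iterations, protected_part, protection, owf="sha256"):
    """Receiver side: enforce parameter policy, then compare in constant time."""
    if not (MIN_ITERATIONS <= iterations <= MAX_ITERATIONS) or len(salt) < MIN_SALT_LEN:
        return False
    expected = pbm_protect(secret, salt, iterations, protected_part, owf)
    return hmac.compare_digest(expected, protection)


# Constructed sample values; PROTECTED_PART stands in for real DER bytes.
SECRET = b"constructed-pre-shared-key"
SALT = bytes(range(16))
PROTECTED_PART = b"constructed ProtectedPart bytes (header + body)"

if __name__ == "__main__":
    mac = pbm_protect(SECRET, SALT, 1000, PROTECTED_PART)
    weak = pbm_protect(SECRET, SALT, 10, PROTECTED_PART)
    print("valid      :", pbm_verify(SECRET, SALT, 1000, PROTECTED_PART, mac))
    print("tampered   :", pbm_verify(SECRET, SALT, 1000, PROTECTED_PART + b"x", mac))
    print("wrong key  :", pbm_verify(b"other", SALT, 1000, PROTECTED_PART, mac))
    print("weak params:", pbm_verify(SECRET, SALT, 10, PROTECTED_PART, weak))
```

The salt and iteration count travel in the message's protection algorithm parameters, so the receiver must bound them before deriving the key; only the shared secret stays private.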