OpenCA is comprised by three type of components, the Certification Authority, the Registration Authority and the RA Operator. We shall discuss in detail these components in this chapter.
We shall describe the CA structure as used currently in OpenCA.
The Certification Authority, for security reasons and with accordance with the current layout, is recommended not to be networked. It can communicate with the Registration Authority in a manual fashion, such as using removable media.
The Registration Authority is recommended not to have direct access to the Internet but be accessed through the RA Operator.
The RA Operator constitutes the interface of OpenCA to the users and the Internet.