To get started with the development of the issuing process workflow, we recommend developing a diagram over the interaction, defining the exchange of messages between the IdAM and the device in the production line. Such an interaction diagram or sequence diagram will allow you to identify the necessary rule-chains and determine their functions.
IdAM Installation Overview
The following overview illustrates a typical installation of the IdAM and its connection to the CA Service in the PKI Trust Center.
The overview includes the following steps:
- The device initiates the certificate request with the onboard key generation or external key generation.
- IdAM performs the CSR using standard formats. CMP is built-in and custom formats can be added.
- IdAM pulls device information from the database, the Manufacturing Execution System (MES), or another server.
- The CSR is sent to the CA for certificate signing via a standard protocol, for example, CMP.
- The certificates are then sent back to the production line. Responses are validated and certificates are optionally distributed to other locations.
- Certificates are stored on the device.
Developing a sequence diagram helps you to use the specified communication and methods, passed between the production device and the IdAM and will allow you to identify the necessary rule chains and determine their functions. For the communication between the product in production and the IdAM, use the interface specification described in Device Adapter HTTP Interface with External Key Generation.
Based on the steps illustrated above, the following sequence diagram can be drawn.
Next Step - Configure IdAM
Next, review information on configuring the connection to the Trust Service, see Configure IdAM.