PKI TechNote Server Arch
For the Java-based servers such as CA, TKS, DRM, and OCSP. We use tomcat as the web engine.
The following diagram shows:
- tomcat process secure http request using jss via tomcatjss
- tomcat passes the requests to the PKI servlets that are part of cms.jar
- PKI servlets submits the request into the CMS engine for processing
The server uses JSS to perform cryptographic operations such as signing and encryption.
Non Java-based Servers
- TPS and RA are using Apache as the web engine. mod_nss (aka fortitude) handles the SSL communication, with the help of the NSS library, in Apache.
- Apache passes the clear HTTP request to mod_tps for processing.
The server uses NSS to perform cryptographic operations such as signing and encryption.