ETSI
ETSI TS 133 310 V16.5.0 (2020
3GPP TS 33.310 version 16.5.0 Release 16
5.2.17 NE CA certificate renewal
6 Profiling
6.1 Certificate profiles
6.1.1 Common rules to all certificates
6.1.2 Interconnection CA Certificate profile
6.1.3 SEG Certificate profile
6.1.3a TLS entity certificate profile
6.1.3b NE Certificate profile
6.1.3c SBA Certificate profile
6.1.3c.1 Introduction
6.1.3c.2 General SBA Certificate profile
6.1.3c.3 NF Certificate profile
6.1.4 SEG CA certificate profile
6.1.4a TLS client/server CA certificate profile
6.1.4b NE CA certificate profile
6.1a CRL profile
6.2 IKE negotiation and profiling
6.2.1 Void
6.2.1b IKEv2 profile
6.2.2 Potential interoperability issues
6.2a TLS profiling
6.2a.1 TLS profile
6.2a.2 Potential interoperability issues
6.3 Path validation
6.3.1 Path validation profiling
7 Detailed description of architecture and mechanisms
7.1 Repositories
7.2 Life cycle management
7.3 Cross-certification
7.4 Revoking a SEG/TLS CA cross-certificate
7.5 Establishing secure connections between NDS/IP end entities using IKE on the Za interface
7.5a Establishing secure connections using TLS
7.5b Establishing secure connections between NDS/IP entities on the Zb interface
7.6 CRL management
8 Backward compatibility for NDS/IP NE's and SEGs
9 Certificate enrolment for base stations
9.1 General
9.2 Architecture
9.3 Security Mechanisms
9.4 Certificate Profiles
9.4.1 General
9.4.2 Vendor Root CA Certificate
9.4.3 Vendor CA Certificate
9.4.4 Vendor Base Station Certificate
9.4.5 Operator Root CA Certificate
9.4.6 Operator RA/CA Certificate
9.4.7 Intermediate Operator CA Certificate
9.4.8 Operator Base Station Certificate
9.5 CMPv2 Profiling
9.5.1 General Requirements
9.5.2 Profile for the PKIMessage
9.5.3 Profile for the PKIHeader Field
9.5.4 Profile for the PKIBody Field
9.5.4.1 General
9.5.4.2 Initialization Request
9.5.4.3 Initialization Response
9.5.4.4 Key Update Request and Key Update Response
9.5.4.5 Certificate Confirm Request and Confirmation Response
9.6 CMPv2 Transport