ONAP MUST support the automated certificate management protocol CMPv2. Also Simple Certificate Enrollment Protocol (SCEP) or Automated Certificate Management Environment (ACME) SHOULD be supported.

--------
Proposed new requirement: ONAP SHOULD support installing certificates into each of its components, for example as a PKCS #12 file.
--> to be revisited, including feedback from Orange.

------------
Proposed new requirement, for AAF: AAF MUST support installation of certificates using CMPv2, for ONAP external mTLS communication.

-------------
Note: there is new requirement proposed in the comments!