:crlCheckSoftFail:This is a boolean flag that when enabled (i.e. `true` value is set) the certificate revocation list (CRL) checking will use the soft fail mode.
The soft fail mode allows the revocation check to succeed if the revocation status cannot be determined because of a network error.
If this parameter is set to `false` the rigorous CRL checking takes place, meaning that each certificate in the
certificate path being checked needs to have the CRL distribution point extension set and pointing to a URL serving a valid CRL.
:rpcAddress:The address of the RPC system on which RPC requests can be made to the node. If not provided then the node will run without RPC. This is now deprecated in favour of the ``rpcSettings`` block.
:rpcSettings:Options for the RPC server.
:useSsl:(optional) boolean, indicates whether the node should require clients to use SSL for RPC connections, defaulted to ``false``.
:standAloneBroker:(optional) boolean, indicates whether the node will connect to a standalone broker for RPC, defaulted to ``false``.
:address:(optional) host and port for the RPC server binding, if any.
:adminAddress:(optional) host and port for the RPC admin binding (only required when ``useSsl`` is ``false``, because the node connects to Artemis using SSL to ensure admin privileges are not accessible outside the node).
:ssl:(optional) SSL settings for the RPC server.
:keyStorePassword:password for the key store.
:trustStorePassword:password for the trust store.
:certificatesDirectory:directory in which the stores will be searched, unless absolute paths are provided.
:sslKeystore:absolute path to the ssl key store, defaulted to ``certificatesDirectory / "sslkeystore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
Also, if ``devMode`` is true, Hibernate will try to automatically create the schema required by Corda
or update an existing schema in the SQL database; if ``devMode`` is false, Hibernate will simply validate the existing schema,
failing on node start if the schema is either not present or not compatible.
If no value is specified in the node config file, the node will attempt to detect if it's running on a developer machine and set ``devMode=true`` in that case.
This value can be overridden from the command line using the ``--dev-mode`` option.
:compatibilityZoneURL:The root address of Corda compatibility zone network management services, it is used by the Corda node to register with the network and
obtain Corda node certificate, (See :doc:`permissioning` for more information.) and also used by the node to obtain network map information.
:sshd:If provided, node will start internal SSH server which will provide a management shell. It uses the same credentials and permissions as RPC subsystem. It has one required parameter.
:tlsCertCrlDistPoint:CRL distribution point (i.e. URL) for the TLS certificate. Default value is NULL, which indicates no CRL availability for the TLS certificate.
Note: If crlCheckSoftFail is FALSE (meaning that there is the strict CRL checking mode) this value needs to be set.
:tlsCertCrlIssuer:CRL issuer (given in the X500 name format) for the TLS certificate. Default value is NULL,
which indicates that the issuer of the TLS certificate is also the issuer of the CRL.
Note: If this parameter is set then the tlsCertCrlDistPoint needs to be set as well.
:trustStorePassword:The password to unlock the Trust store file (``<workspace>/certificates/truststore.jks``) containing
the Corda network root certificate. This is the non-secret value for the development certificates automatically
generated during the first node run.
..note:: Longer term these keys will be managed in secure hardware devices.
:rpcSettings:Options for the RPC server.
:useSsl:(optional) boolean, indicates whether the node should require clients to use SSL for RPC connections, defaulted to ``false``.
:standAloneBroker:(optional) boolean, indicates whether the node will connect to a standalone broker for RPC, defaulted to ``false``.
:address:(optional) host and port for the RPC server binding, if any.
:adminAddress:(optional) host and port for the RPC admin binding (only required when ``useSsl`` is ``false``, because the node connects to Artemis using SSL to ensure admin privileges are not accessible outside the node).
:ssl:(optional) SSL settings for the RPC client.
:keyStorePassword:password for the key store.
:trustStorePassword:password for the trust store.
:certificatesDirectory:directory in which the stores will be searched, unless absolute paths are provided.
:sslKeystore:absolute path to the ssl key store, defaulted to ``certificatesDirectory / "sslkeystore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
:webAddress:The host and port on which the webserver will listen if it is started. This is not used by the node itself.
:rpcUsers:A list of users who are authorised to access the RPC system. Each user in the list is a config object with the
following fields:
:username:Username consisting only of word characters (a-z, A-Z, 0-9 and _)
:password:The password
:permissions:A list of permissions for starting flows via RPC. To give the user the permission to start the flow
``foo.bar.FlowClass``, add the string ``StartFlow.foo.bar.FlowClass`` to the list. If the list