:crlCheckSoftFail:This is a boolean flag that when enabled (i.e. `true` value is set) the certificate revocation list (CRL) checking will use the soft fail mode.
The soft fail mode allows the revocation check to succeed if the revocation status cannot be determined because of a network error.
If this parameter is set to `false` the rigorous CRL checking takes place, meaning that each certificate in the
certificate path being checked needs to have the CRL distribution point extension set and pointing to a URL serving a valid CRL.
:rpcAddress:The address of the RPC system on which RPC requests can be made to the node. If not provided then the node will run without RPC. This is now deprecated in favour of the ``rpcSettings`` block.
:rpcSettings:Options for the RPC server.
:useSsl:(optional) boolean, indicates whether the node should require clients to use SSL for RPC connections, defaulted to ``false``.
:standAloneBroker:(optional) boolean, indicates whether the node will connect to a standalone broker for RPC, defaulted to ``false``.
:address:(optional) host and port for the RPC server binding, if any.
:adminAddress:(optional) host and port for the RPC admin binding (only required when ``useSsl`` is ``false``, because the node connects to Artemis using SSL to ensure admin privileges are not accessible outside the node).
:ssl:(optional) SSL settings for the RPC server.
:keyStorePassword:password for the key store.
:trustStorePassword:password for the trust store.
:certificatesDirectory:directory in which the stores will be searched, unless absolute paths are provided.
:sslKeystore:absolute path to the ssl key store, defaulted to ``certificatesDirectory / "sslkeystore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
:compatibilityZoneURL:The root address of Corda compatibility zone network management services, it is used by the Corda node to register with the network and
obtain Corda node certificate, (See :doc:`permissioning` for more information.) and also used by the node to obtain network map information.
:sshd:If provided, node will start internal SSH server which will provide a management shell. It uses the same credentials and permissions as RPC subsystem. It has one required parameter.
The available config fields are listed below. ``baseDirectory`` is available as a substitution value, containing the absolute
path to the node's base directory.
:myLegalName:The legal identity of the node acts as a human readable alias to the node's public key and several demos use
this to lookup the NodeInfo.
:keyStorePassword:The password to unlock the KeyStore file (``<workspace>/certificates/sslkeystore.jks``) containing the
node certificate and private key.
..note:: This is the non-secret value for the development certificates automatically generated during the first node run.
Longer term these keys will be managed in secure hardware devices.
:trustStorePassword:The password to unlock the Trust store file (``<workspace>/certificates/truststore.jks``) containing
the Corda network root certificate. This is the non-secret value for the development certificates automatically
generated during the first node run.
..note:: Longer term these keys will be managed in secure hardware devices.
:rpcSettings:Options for the RPC server.
:useSsl:(optional) boolean, indicates whether the node should require clients to use SSL for RPC connections, defaulted to ``false``.
:standAloneBroker:(optional) boolean, indicates whether the node will connect to a standalone broker for RPC, defaulted to ``false``.
:address:(optional) host and port for the RPC server binding, if any.
:adminAddress:(optional) host and port for the RPC admin binding (only required when ``useSsl`` is ``false``, because the node connects to Artemis using SSL to ensure admin privileges are not accessible outside the node).
:ssl:(optional) SSL settings for the RPC client.
:keyStorePassword:password for the key store.
:trustStorePassword:password for the trust store.
:certificatesDirectory:directory in which the stores will be searched, unless absolute paths are provided.
:sslKeystore:absolute path to the ssl key store, defaulted to ``certificatesDirectory / "sslkeystore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
:trustStoreFile:absolute path to the trust store, defaulted to ``certificatesDirectory / "truststore.jks"``.
:webAddress:The host and port on which the webserver will listen if it is started. This is not used by the node itself.
:rpcUsers:A list of users who are authorised to access the RPC system. Each user in the list is a config object with the
following fields:
:username:Username consisting only of word characters (a-z, A-Z, 0-9 and _)
:password:The password
:permissions:A list of permissions for starting flows via RPC. To give the user the permission to start the flow
``foo.bar.FlowClass``, add the string ``StartFlow.foo.bar.FlowClass`` to the list. If the list
contains the string ``ALL``, the user can start any flow via RPC. This value is intended for administrator