<liclass="toctree-l1"><aclass="reference internal"href="tutorial-cordapp.html#running-the-cordapp-template">Running the CorDapp template</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="tutorial-cordapp.html#interacting-with-the-cordapp-template">Interacting with the CorDapp template</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="tutorial-cordapp.html#extending-the-cordapp-template">Extending the CorDapp template</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="oracles.html#implementing-an-oracle-with-continuously-varying-data">Implementing an oracle with continuously varying data</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="oracles.html#using-an-oracle">Using an oracle</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="setting-up-a-corda-network.html">Introduction - What is a corda network?</a></li>
<liclass="toctree-l1"><aclass="reference internal"href="setting-up-a-corda-network.html#setting-up-your-own-network">Setting up your own network</a></li>
<h1>Network permissioning<aclass="headerlink"href="#network-permissioning"title="Permalink to this headline">¶</a></h1>
<p>The keystore located in <codeclass="docutils literal"><spanclass="pre"><workspace>/certificates/sslkeystore.jks</span></code> is required to connect to the Corda network securely.
In development mode (when <codeclass="docutils literal"><spanclass="pre">devMode</span><spanclass="pre">=</span><spanclass="pre">true</span></code>, see <aclass="reference internal"href="corda-configuration-file.html"><spanclass="doc">Node configuration</span></a> for more information) a pre-configured
keystore will be used if the keystore does not exist. This is to ensure developers can get the nodes working as quickly
as possible.</p>
<p>However this is not secure for the real network. This documentation will explain the procedure of obtaining a signed
<trclass="field-odd field"><thclass="field-name">myLegalName:</th><tdclass="field-body"><pclass="first">Your company’s legal name. e.g. “Mega Corp LLC”. This needs to be unique on the network. If another node
has already been permissioned with this name then the permissioning server will automatically reject the request. The
request will also be rejected if the name contains a <codeclass="docutils literal"><spanclass="pre">=</span></code> or <codeclass="docutils literal"><spanclass="pre">,</span></code>.</p>
<divclass="admonition note">
<pclass="first admonition-title">Note</p>
<pclass="last">In a future version the uniquess requirement will be relaxed to a X.500 name. This will allow differentiation
<trclass="field-even field"><td> </td><tdclass="field-body"><pclass="first last">Certificate signing server URL. A certificate signing server will be hosted by R3 in the near
<p>A new pair of private and public keys will be generated by the utility and will be used to create the request.</p>
<p>The utility will submit the request to the network permissioning server and poll for a result periodically to retrieve the certificates.
Once the request has been approved and the certificates downloaded from the server, the utility will create the key store and trust store using the certificates and the generated private key.</p>
<divclass="admonition note">
<pclass="first admonition-title">Note</p>
<pclass="last">You can exit the utility at anytime if the approval process is taking longer then expected. The request process will resume on restart.</p>
</div>
<p>This process only needs to be done once when the node connects to the network for the first time, or when the certificate expires.</p>
</div>
<divclass="section"id="building-the-utility">
<h2>Building the utility<aclass="headerlink"href="#building-the-utility"title="Permalink to this headline">¶</a></h2>
<p>The utility will be created as part of the gradle <codeclass="docutils literal"><spanclass="pre">:node</span></code> module <codeclass="docutils literal"><spanclass="pre">buildCordaJAR</span></code> task.
<p>The utility JAR will be created in <codeclass="docutils literal"><spanclass="pre"><Project</span><spanclass="pre">Root</span><spanclass="pre">Dir>/node/build/libs/certSigningRequestUtility.jar</span></code></p>
<h2>Running the utility<aclass="headerlink"href="#running-the-utility"title="Permalink to this headline">¶</a></h2>
<p>You will need to specify the working directory of your Corda node using <codeclass="docutils literal"><spanclass="pre">--base-dir</span></code> flag. This is defaulted to current directory if left blank.
You can also specify the location of <codeclass="docutils literal"><spanclass="pre">node.conf</span></code> with <codeclass="docutils literal"><spanclass="pre">--config-file</span></code> flag if it’s not in the working directory.</p>
<p>A <codeclass="docutils literal"><spanclass="pre">certificates</span></code> folder containing the keystore and trust store will be created in the base directory when the process is completed.</p>
<divclass="admonition warning">
<pclass="first admonition-title">Warning</p>
<pclass="last">The keystore is protected by the keystore password from the node configuration file. The password should kept safe to protect the private key and certificate.</p>
</div>
<divclass="admonition note">
<pclass="first admonition-title">Note</p>
<pclass="last">Password encryption in node configuration will be supported in subsequent release.</p>
Built with <ahref="http://sphinx-doc.org/">Sphinx</a> using a <ahref="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <ahref="https://readthedocs.org">Read the Docs</a>.