CORDA-1181: Add back information on initial registration (#2943)

Katarzyna Streich 2018-04-07 15:18:05 +01:00 committed by Shams Asari
parent e48cd808b0
commit 2792716157
5 changed files with 41 additions and 7 deletions

@ -1,4 +0,0 @@
myLegalName : "O=Notary Service,OU=corda,L=London,C=GB"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
p2pAddress : "my-network-map:10000"
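Review bot: deleting this example file is reasonable, since it shipped the well-known development defaults `cordacadevpass` and `trustpass` as the keystore and trust store passwords alongside a real-looking legal name, and an example that is only safe in `devMode` invites copy-paste into a zone node. The only other place this commit touches it is the `ExampleConfigTest` list, so check that no documentation page or script still refers to `example-network-map-node.conf` before merging, otherwise that reference dangles.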

@ -18,4 +18,3 @@ rpcUsers : [
{ username=user1, password=letmein, permissions=[ StartFlow.net.corda.protocols.CashProtocol ] }
]
devMode : true
// certificateSigningService : "https://testnet.certificate.corda.net"
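Review bot: removing the commented-out `certificateSigningService` line is correct because that key name does not match the setting the new documentation names for doorman registration, `compatibilityZoneURL`; if the example is meant to hint at zone registration, a commented `compatibilityZoneURL` entry with a placeholder URL would be the consistent replacement. Note that the remaining lines still pair `devMode : true` with the plaintext RPC password `letmein`, while the added docs require `devMode` to be `false` for registration, so a short comment marking this file as a development-only example would help readers not reuse it for a compatibility-zone node.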

@ -29,8 +29,7 @@ class ExampleConfigTest {
fun `example node_confs parses fine`() {
readAndCheckConfigurations<NodeConfiguration>(
"example-node.conf",
"example-out-of-process-verifier-node.conf",
"example-network-map-node.conf"
"example-out-of-process-verifier-node.conf"
) {
val baseDirectory = Paths.get("some-example-base-dir")
ConfigHelper.loadConfig(
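Review bot: dropping `"example-network-map-node.conf"` from the `readAndCheckConfigurations` call is consistent with deleting that example file in this commit, and re-emitting `"example-out-of-process-verifier-node.conf"` without the trailing comma is required rather than cosmetic, because the Kotlin version in use does not accept a trailing comma in an argument list. With the network map example gone, this test no longer exercises any configuration with a notary legal name, so confirm that nothing else relied on that coverage.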

@ -25,6 +25,8 @@ In development mode (i.e. when ``devMode = true``, see :doc:`corda-configuration
directory is filled with pre-configured keystores if the required keystores do not exist. This ensures that developers
can get the nodes working as quickly as possible. However, these pre-configured keystores are not secure, to learn more see :doc:`permissioning`.
.. _node_naming:
Node naming
-----------
A node's name must be a valid X.500 distinguished name. In order to be compatible with other implementations
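Review bot: the new `.. _node_naming:` target must be followed by a blank line before the `Node naming` title, otherwise Sphinx will not bind the label to the section and the `:ref:`node_naming`` link added in the permissioning page will resolve to the wrong place; the hunk header shows two added lines, so the blank line is probably there, but it is not visible in this rendering and is worth confirming in the raw file.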

@ -15,6 +15,8 @@ Most production deployments will use an existing certificate authority or constr
made available in the coming months. Until then, the documentation below can be used to create your own certificate
authority.
.. note:: If you are looking for information on how to connect to the existing compatibility zone go to the section: `Connecting to a compatibility zone`_
Certificate hierarchy
---------------------
A Corda network has four types of certificate authorities (CAs):
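Review bot: the added `.. note::` links with the implicit section target `Connecting to a compatibility zone`_, which only resolves inside this document; that works because the section is added further down in the same file, but an explicit label (for example `.. _connecting_to_compatibility_zone:` with a `:ref:`) would survive a later rename or move of the section and would match the `:ref:` style this commit uses for `node_naming`.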
@ -177,3 +179,39 @@ For each node, copy the following files to the node's certificate directory (``<
1. The node's ``nodekeystore.jks`` keystore
2. The node's ``sslkeystore.jks`` keystore
3. The root network CA's ``truststore.jks`` keystore
Connecting to a compatibility zone
----------------------------------
To connect to a compatibility zone you need to register with their certificate signing authority (doorman) by submitting
a certificate signing request (CSR) to obtain a valid identity for the zone.
Before you can register, you must first have received the trust store file containing the root certificate from the zone
operator. Then run the following command:
``java -jar corda.jar --initial-registration --network-root-truststore-password <trust store password>``
By default it will expect the trust store file to be in the location ``certificates/network-root-truststore.jks``.
This can be overridden with the additional ``--network-root-truststore`` flag.
The certificate signing request will be created based on node information obtained from the node configuration.
The following information from the node configuration file is needed to generate the request.
:myLegalName: Your company's legal name as an X.500 string. X.500 allows differentiation between entities with the same
name as the legal name needs to be unique on the network. If another node has already been permissioned with this
name then the permissioning server will automatically reject the request. The request will also be rejected if it
violates legal name rules, see :ref:`node_naming` for more information.
:emailAddress: e.g. "admin@company.com"
:devMode: must be set to false
:compatibilityZoneURL: Corda compatibility zone network management service root URL.
A new pair of private and public keys generated by the Corda node will be used to create the request.
The utility will submit the request to the doorman server and poll for a result periodically to retrieve the certificates.
Once the request has been approved and the certificates downloaded from the server, the node will create the keystore and trust store using the certificates and the generated private key.
.. note:: You can exit the utility at any time if the approval process is taking longer than expected. The request process will resume on restart.
This process only is needed when the node connects to the network for the first time, or when the certificate expires.
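Review bot: the documented command `java -jar corda.jar --initial-registration --network-root-truststore-password <trust store password>` puts the trust store password on the command line, where it ends up in shell history and is visible to other local users via process listings; the text should say so and, if the node offers an interactive prompt for the password, recommend that instead. Since the whole registration rests on the trust store "received ... from the zone operator", the section should also tell operators to confirm the root certificate's authenticity with the zone operator out of band before running the command, because a substituted trust store would have the node trust the wrong doorman. Two smaller points: `:emailAddress:` and `:compatibilityZoneURL:` would read better with the same sentence form as `:myLegalName:`, and the closing sentence should be `This process is only needed when the node connects to the network for the first time, or when the certificate expires.`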