ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-04-07 19:34:41 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Move CRL to Corda Network

Browse Source 
- not sure if that the best place. CRL is is Corda Network specific, but
  current text sound the Corda Network specific.
This commit is contained in:
Wawrzyniec Niewodniczański 2019-01-14 09:56:13 +00:00
parent d4178eecca
commit b4b1d7d020
2 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/source/corda-network/index.md
View File

@ -57,3 +57,24 @@ Support
-------
The Support Service is provided to Participants and Business Network Operators to manage / resolve inquiries and incidents
relating to the Doorman, Network Map Service and Notary Service, and any other relevant services.
CRL configuration
-----------------
The Corda Network provides an endpoint serving an empty certificate revocation list for the TLS-level certificates.
This is intended for deployments that do not provide a CRL infrastructure but still require a strict CRL mode checking.
In such a case use the following URL in `tlsCertCrlDistPoint` option configuration:
.. sourcecode:: kotlin
"https://crl.cordaconnect.org/cordatls.crl"
Together with the above configuration `tlsCertCrlIssuer` option needs to be set to the following value:
.. sourcecode:: kotlin
"C=US, L=New York, O=R3 HoldCo LLC, OU=Corda, CN=Corda Root CA"
This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3.
In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly.

19
docs/source/node-administration.rst
View File

@ -1,25 +1,6 @@
Node administration
===================
CRL configuration
-----------------
The Corda Network provides an endpoint serving an empty certificate revocation list for the TLS-level certificates.
This is intended for deployments that do not provide a CRL infrastructure but still require a strict CRL mode checking.
In such a case use the following URL in `tlsCertCrlDistPoint` option configuration:
.. sourcecode:: kotlin
"https://crl.cordaconnect.org/cordatls.crl"
Together with the above configuration `tlsCertCrlIssuer` option needs to be set to the following value:
.. sourcecode:: kotlin
"C=US, L=New York, O=R3 HoldCo LLC, OU=Corda, CN=Corda Root CA"
This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3.
In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly.
.. _hiding-sensitive-data:
Hiding sensitive data