From b4b1d7d020c494bbac3a54921ca7dfe51349c979 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wawrzyniec=20Niewodnicza=C5=84ski?= Date: Mon, 14 Jan 2019 09:56:13 +0000 Subject: [PATCH] Move CRL to Corda Network - not sure if that's the best place. CRL is Corda Network specific, but current text sounds the Corda Network specific. --- docs/source/corda-network/index.md | 21 +++++++++++++++++++++ docs/source/node-administration.rst | 19 ------------------- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/docs/source/corda-network/index.md b/docs/source/corda-network/index.md index beee40efd5..e8621d03c7 100644 --- a/docs/source/corda-network/index.md +++ b/docs/source/corda-network/index.md @@ -57,3 +57,24 @@ Support ------- The Support Service is provided to Participants and Business Network Operators to manage / resolve inquiries and incidents relating to the Doorman, Network Map Service and Notary Service, and any other relevant services. + +CRL configuration +----------------- +The Corda Network provides an endpoint serving an empty certificate revocation list for the TLS-level certificates. +This is intended for deployments that do not provide a CRL infrastructure but still require a strict CRL mode checking. +In such a case use the following URL in `tlsCertCrlDistPoint` option configuration: + + .. sourcecode:: kotlin + + "https://crl.cordaconnect.org/cordatls.crl" + +Together with the above configuration `tlsCertCrlIssuer` option needs to be set to the following value: + + .. sourcecode:: kotlin + + "C=US, L=New York, O=R3 HoldCo LLC, OU=Corda, CN=Corda Root CA" + +This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3. +In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly. + + diff --git a/docs/source/node-administration.rst b/docs/source/node-administration.rst index 36aebd4615..2bcf295dce 100644 
--- a/docs/source/node-administration.rst +++ b/docs/source/node-administration.rst @@ -1,25 +1,6 @@ Node administration =================== -CRL configuration ------------------ -The Corda Network provides an endpoint serving an empty certificate revocation list for the TLS-level certificates. -This is intended for deployments that do not provide a CRL infrastructure but still require a strict CRL mode checking. -In such a case use the following URL in `tlsCertCrlDistPoint` option configuration: - - .. sourcecode:: kotlin - - "https://crl.cordaconnect.org/cordatls.crl" - -Together with the above configuration `tlsCertCrlIssuer` option needs to be set to the following value: - - .. sourcecode:: kotlin - - "C=US, L=New York, O=R3 HoldCo LLC, OU=Corda, CN=Corda Root CA" - -This set-up ensures that the TLS-level certificates are embedded with the CRL distribution point referencing the CRL issued by R3. -In cases where a proprietary CRL infrastructure is provided those values need to be changed accordingly. - .. _hiding-sensitive-data: Hiding sensitive data
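Review bot: In the docs/source/corda-network/index.md hunk, the added section carries reStructuredText markup (the two `.. sourcecode:: kotlin` directives with indented bodies) into a file with a .md extension, where a Markdown renderer is likely to show the directive text literally instead of a highlighted block. Convert the two values to the code-block style the rest of index.md uses, and drop the `kotlin` tag since both are plain quoted strings rather than Kotlin code. The hunk also ends with two added blank lines that can be removed. While the text is being moved, it would help to say explicitly that an empty CRL satisfies strict CRL checking without revoking any certificate, so readers do not mistake this set-up for working revocation.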
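Review bot: In the docs/source/node-administration.rst hunk, the whole "CRL configuration" section is deleted from directly under the "Node administration" title with no pointer to its new home, so a node operator looking here for `tlsCertCrlDistPoint` or `tlsCertCrlIssuer` finds nothing. Leave a one-sentence cross-reference to the Corda Network page in place of the removed section, and check whether any other page links to the removed heading. The commit message itself says the new location may not be the best place, which is another reason to keep a stub here until that is settled.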