diff --git a/docs/source/running-hsm-cert-generator.rst b/docs/source/running-hsm-cert-generator.rst
index f5fd9f8bef..329f9cd235 100644
--- a/docs/source/running-hsm-cert-generator.rst
+++ b/docs/source/running-hsm-cert-generator.rst
@@ -28,10 +28,10 @@ Allowed parameters are:
 :certConfig: Certificate specific configuration. See below section on Certificate Configuration.
 :trustStoreDirectory: Path to the directory where the generated trust store should be placed.
- The name of the generated file is "truststore.jks".
+ The name of the generated file is "network-root-truststore.jks".
 If the trust store file does not exist, it will be created. IMPORTANT - This trust store is intended to be distributed across the nodes.
- Nodes are hardcoded to use "truststore.jks" file as the trust store name.
+ Nodes are hardcoded to use "network-root-truststore.jks" file as the trust store name.
 As such, it is required that the file name is as the one expected by nodes.
 :trustStorePassword: Password for the generated trust store.
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt
index 5a41d980fd..35faf66066 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt
@@ -36,6 +36,7 @@ import java.security.cert.CertPath
 import java.security.cert.X509Certificate
 const val CORDA_NETWORK_MAP = "cordanetworkmap"
+const val NETWORK_ROOT_TRUSTSTORE_FILENAME = "network-root-truststore.jks"
 val logger: Logger = LoggerFactory.getLogger("com.r3.corda.networkmanage.common.utils")
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/doorman/NetworkManagementUtilities.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/doorman/NetworkManagementUtilities.kt
index 51c996c53b..33b4467fef 100644
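Review bot: The new `NETWORK_ROOT_TRUSTSTORE_FILENAME` constant carries no comment saying that its value is a contract with the node side, yet the docs hunk in this same commit states that nodes are hardcoded to load exactly this file name, so editing the literal here would silently break trust-store distribution. I would add a KDoc above the constant: `/** File name of the generated network root trust store. Nodes load this exact name, so it must stay in sync with the node-side constant. */` If the node code base already exposes the same constant in a module this project depends on, importing it from there would remove the duplicated literal altogether; I cannot tell from this diff whether such a module is on the classpath.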
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/doorman/NetworkManagementUtilities.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/doorman/NetworkManagementUtilities.kt
@@ -11,6 +11,7 @@ package com.r3.corda.networkmanage.doorman
 import com.r3.corda.networkmanage.common.utils.CORDA_NETWORK_MAP
+import com.r3.corda.networkmanage.common.utils.NETWORK_ROOT_TRUSTSTORE_FILENAME
 import com.r3.corda.networkmanage.common.utils.createSignedCrl
 import com.r3.corda.networkmanage.doorman.signer.LocalSigner
 import net.corda.core.crypto.Crypto
@@ -34,7 +35,6 @@ import kotlin.system.exitProcess
 // TODO The cert subjects need to be configurable
 const val CORDA_X500_BASE = "O=R3 HoldCo LLC,OU=Corda,L=New York,C=US"
-const val NETWORK_ROOT_TRUSTSTORE_FILENAME = "network-root-truststore.jks"
 /** Read password from console, do a readLine instead if console is null (e.g. when debugging in IDE). */
 internal fun readPassword(fmt: String): String {
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/KeyCertificateGenerator.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/KeyCertificateGenerator.kt
index 6fd256fed8..f0e392ac8c 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/KeyCertificateGenerator.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/KeyCertificateGenerator.kt
@@ -14,6 +14,7 @@ import CryptoServerCXI.CryptoServerCXI.KEY_ALGO_ECDSA
 import CryptoServerCXI.CryptoServerCXI.KeyAttributes
 import CryptoServerJCE.CryptoServerProvider
 import com.r3.corda.networkmanage.common.utils.CORDA_NETWORK_MAP
+import com.r3.corda.networkmanage.common.utils.NETWORK_ROOT_TRUSTSTORE_FILENAME
 import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.cleanEcdsaPublicKey
 import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.createIntermediateCert
 import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.createSelfSignedCert
@@ -89,7 +90,7 @@ class KeyCertificateGenerator(private val parameters: GeneratorParameters) {
 crlDistributionUrl,
 crlIssuer?.let { X500Name(it) })
 logger.info("Created root cert:\n$rootCert")
- val trustStorePath = networkRootTrustStoreDirectory / "truststore.jks"
+ val trustStorePath = networkRootTrustStoreDirectory / NETWORK_ROOT_TRUSTSTORE_FILENAME
 X509KeyStore.fromFile(trustStorePath, networkRootTrustStorePassword, createNew = true).update {
 setCertificate(CORDA_ROOT_CA, rootCert)
 }
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/Main.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/Main.kt
index e8ee62ebae..81dcc6f158 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/Main.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/generator/Main.kt
@@ -40,7 +40,7 @@ fun run(parameters: GeneratorParameters) {
 val rootProviderConfig = CryptoServerProviderConfig(
 Device = "$hsmPort@$hsmHost",
 KeySpecifier = certConfig.keySpecifier,
- KeyGroup = certConfig.rootKeyGroup!!,
+ KeyGroup = requireNotNull(certConfig.rootKeyGroup) { "rootKeyGroup needs to be specified." },
 StoreKeysExternal = certConfig.storeKeysExternal)
 AutoAuthenticator(rootProviderConfig, userConfigs).connectAndAuthenticate { rootProvider ->
 generator.generate(provider, rootProvider)
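Review bot: The `update { setCertificate(CORDA_ROOT_CA, rootCert) }` call on the new `trustStorePath` replaces whatever certificate is already stored under the `CORDA_ROOT_CA` alias without checking whether one exists; the docs hunk in this commit says the file is only created when absent, so an existing `network-root-truststore.jks` from an earlier run would be loaded and its network root of trust overwritten with no warning. For a root CA generator that is a dangerous default: I would refuse unless the alias is absent, e.g. `check(!containsAlias(CORDA_ROOT_CA)) { "$trustStorePath already holds a root certificate; refusing to overwrite the network root of trust" }` before `setCertificate`, or at minimum log at WARN before replacing. Whether `X509KeyStore` exposes an alias check inside `update` I cannot confirm from this diff. Note also that a stale `truststore.jks` left in `networkRootTrustStoreDirectory` by an older build is now neither reused nor removed, which deserves a line in the release notes so operators do not distribute the wrong file. The enclosing method starts before this hunk and continues past it.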
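Review bot: Replacing `!!` with `requireNotNull` is an improvement, but the check still fires only when `rootProviderConfig` is built inside `run()`, which from the visible lines is after `provider` (passed on the last line) has apparently already been obtained — if that is an authenticated HSM session, a missing `rootKeyGroup` is reported only after connecting to the HSM. I would validate the configuration where it is parsed, or at the top of `run()`, so a misconfigured generator fails before any HSM session is opened: `val rootKeyGroup = requireNotNull(certConfig.rootKeyGroup) { "rootKeyGroup needs to be specified." }` near the start of `run()`, then `KeyGroup = rootKeyGroup` here. If `rootKeyGroup` is nullable only because it is optional for non-root configurations, expressing that in the configuration type (a sealed type per certificate kind, or a non-null field on the root variant) would remove the runtime check entirely. `run()` starts before this hunk and continues past it.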