ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-28 00:38:55 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
296e74aca7
corda/docs/source/running-dev-keystore-generator.rst
Michal Kit 8c5f0ac0ca
Making BasicConstraints a critical extension (#420) 
Path length will be decided in another ticket - https://r3-cev.atlassian.net/browse/ENT-1508
2018-02-08 14:30:20 +00:00

2.2 KiB
Raw Blame History

Running the dev keystore generator

The dev keystore generator is a utility tool designed only for internal use. Sometimes our certificates change (e.g. new extensions are added, some of them are modified...). In order to stay consistent with the rest of the Corda platform and in particular with Corda node (and its DEV execution mode), we need a facility that would allow us to easily create keystore containing both root and doorman certificates together with their keys. Those certificates will reflect the most recent state of the Corda certificates. In addition, a truststore file (containing the root certificate) is also generated. Once generated, those files (i.e. keystore and truststore) can be copied to an appropriate node directory.

Although, the output of the tool is strongly bound to the node execution process (i.e. expected key store file name, trust store file name, passwords are hardcoded), it can be used to generate arbitrary keystore and truststore files with Corda certificates. Therefore, the tool supports a custom configuration.

Configuration file

At startup the dev generator tool reads a configuration file, passed with --config-file on the command line.

This is an example of what a generator configuration file might look like:

../../network-management/dev-generator.conf

Invoke the tool with -? for a full list of supported command-line arguments.

If no configuration file is provided, all the options default to the node expected values.

Configuration parameters

Allowed parameters are:

privateKeyPass

Password for both Root and Doorman private keys. Default value: "cordacadevkeypass".

keyStorePass

Password for the keystore file. Default value: "cordacadevpass".

keyStoreFileName

File name for the keystore file. Default value: "cordadevcakeys.jks".

trustStorePass

Password for the truststore file. Default value: "trustpass".

trustStoreFileName

File name for the truststore file. Default value: "cordatruststore.jks".

directory

Directory in which both keystore and trustore files should be created. Default value: "./certificates"