9a0a9567f3
* Make the network registration process more verbose * removed gradle task for building standalone jar for the certificate signing request utility * Added a flag "--initial-registration" to the corda jar to start the registration
3.2 KiB
Network permissioning
The keystore located in <workspace>/certificates/sslkeystore.jks is required to connect to the Corda network securely. In development mode (when devMode = true, see corda-configuration-file for more information) a pre-configured keystore will be used if the keystore does not exist. This is to ensure developers can get the nodes working as quickly as possible.
However this is not secure for the real network. This documentation will explain the procedure of obtaining a signed certificate for TestNet.
Warning
The TestNet has not been setup yet as of Milestone 8 release. You will not be able to connect to the certificate signing server.
Initial Registration
The certificate signing request will be created based on node information obtained from the node configuration. The following information from the node configuration file is needed to generate the request.
- myLegalName
Your company's legal name. e.g. "Mega Corp LLC". This needs to be unique on the network. If another node has already been permissioned with this name then the permissioning server will automatically reject the request. The request will also be rejected if the name contains a
=or,.Note
In a future version the uniqueness requirement will be relaxed to a X.500 name. This will allow differentiation between entities with the same name.
- nearestCity
e.g. "London"
- emailAddress
e.g. "admin@company.com"
- certificateSigningService
Certificate signing server URL. A certificate signing server will be hosted by R3 in the near future. e.g."https://testnet.certificate.corda.net"
A new pair of private and public keys generated by the Corda node will be used to create the request.
The utility will submit the request to the network permissioning server and poll for a result periodically to retrieve the certificates. Once the request has been approved and the certificates downloaded from the server, the node will create the keystore and trust store using the certificates and the generated private key.
Note
You can exit the utility at any time if the approval process is taking longer than expected. The request process will resume on restart.
This process only is needed when the node connects to the network for the first time, or when the certificate expires.
Starting the Registration
You will need to specify the working directory of your Corda node using --base-dir flag. This is defaulted to current directory if left blank. You can also specify the location of node.conf with --config-file flag if it's not in the working directory.
To start the registration:
java -jar corda.jar --initial-registration --base-dir <<optional>> --config-file <<optional>>A certificates folder containing the keystore and trust store will be created in the base directory when the process is completed.
Warning
The keystore is protected by the keystore password from the node configuration file. The password should kept safe to protect the private key and certificate.
Note
Password encryption in node configuration will be supported in subsequent release.