Installation and usage of the platform
Example of how to prepare artefacts for TLS
If you plan to use TLS, you must configure the TLS settings as part of the infrastructure setup.
To use TLS for the API, you need a keystore file. Here is an example of creating one with the standard keytool utility:
keytool \
  -keystore we.jks -storepass 123456 -keypass 123456 \
  -genkey -alias we -keyalg RSA -validity 9999 \
  -dname "CN=Waves Enterprise,OU=security,O=WE,C=RU" \
  -ext "SAN=DNS:welocal.dev,DNS:localhost,IP:188.8.131.52,IP:127.0.0.1"
keystore – keystore file name;
storepass – keystore password, which should be stated in the keystore-password section of the node configuration file;
keypass – private key password, which should be stated in the private-key-password section of the config file;
alias – an alias name (chosen by the user);
keyalg – keypair generation algorithm;
validity – keypair validity time in days;
dname – distinguished name according to the X.500 standard, associated with the keystore alias;
ext – extensions used for key generation; all possible host names and IP addresses should be stated so that the certificate works in different networks.
Running the keytool utility produces the we.jks keystore file. To connect to a node operating with TLS, a user should also generate a client certificate:
keytool -export -keystore we.jks -alias we -file we.cert
The resulting certificate file we.cert should be imported into the trusted certificate storage. If the node is on the same network as the user, it is enough to state a relative path to the we.jks file in the node config file, as demonstrated above.
If the node is located in another network, the we.cert certificate file should be imported into the keystore:
keytool -importcert -alias we -file we.cert -keystore we.jks
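The key generation and export steps above, as an added example that is not part of the platform documentation: a POSIX shell wrapper that builds the -ext SAN value from a list of host names and addresses and hands the passwords to keytool through its :env modifier instead of literal arguments. The function names and the WE_STOREPASS / WE_KEYPASS variable names are assumptions.

```sh
#!/bin/sh
# Added example: wraps the keytool steps from this page.
# WE_STOREPASS / WE_KEYPASS and the function names are assumed, not platform names.

# classify ENTRY -> prints IP or DNS; fails on anything else.
classify() {
  case $1 in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;  # empty, or characters not valid in a name/address
    *:*)        echo IP ;;             # IPv6 literal
    *[!0-9.]*)  echo DNS ;;            # has a letter or hyphen: treated as a host name
    *.*.*.*.*)  return 1 ;;            # digits and dots, but more than four fields
    *.*.*.*)    echo IP ;;             # IPv4 shape; keytool checks the octet values
    *)          return 1 ;;            # e.g. "10.0.0": neither name nor address
  esac
}

# build_san ENTRY... -> prints the value for -ext, e.g. SAN=DNS:a,IP:b
build_san() {
  [ "$#" -gt 0 ] || { echo "build_san: no entries" >&2; return 1; }
  san_list=
  for entry in "$@"; do
    kind=$(classify "$entry") || { echo "build_san: bad entry: $entry" >&2; return 1; }
    san_list="${san_list:+$san_list,}$kind:$entry"
  done
  printf 'SAN=%s\n' "$san_list"
}

# make_keystore FILE ALIAS ENTRY...
# Passwords come from exported environment variables via keytool's :env modifier,
# so they do not appear in the process list.
make_keystore() {
  ks=$1 ks_alias=$2; shift 2
  [ -n "${WE_STOREPASS:-}" ] && [ -n "${WE_KEYPASS:-}" ] ||
    { echo "export WE_STOREPASS and WE_KEYPASS first" >&2; return 1; }
  ext=$(build_san "$@") || return 1
  keytool -keystore "$ks" -storepass:env WE_STOREPASS -keypass:env WE_KEYPASS \
    -genkey -alias "$ks_alias" -keyalg RSA -validity 9999 \
    -dname "CN=Waves Enterprise,OU=security,O=WE,C=RU" -ext "$ext" || return 1
  keytool -export -keystore "$ks" -storepass:env WE_STOREPASS \
    -alias "$ks_alias" -file "${ks%.jks}.cert" || return 1
  # Print the SAN entries that ended up in the exported certificate.
  keytool -printcert -file "${ks%.jks}.cert" | grep -E 'DNSName|IPAddress'
}

# Usage (constructed values):
#   export WE_STOREPASS=... WE_KEYPASS=...
#   make_keystore we.jks we welocal.dev localhost 188.8.131.52 127.0.0.1
```

The SAN lines printed at the end should list every name and address clients will use to reach the node; a name missing there will fail host name verification on the client side.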