Installation and usage of the platform

Precise platform configuration: TLS

To work with smart contracts, the node uses two connection types, and TLS can be configured for each of them: docker-TLS and the API connection.

Note

The TLS protocol is not available in the open-source version of the platform.

You can configure TLS for gRPC and REST API for each node using the gRPC and REST API operation parameters in the api section of the node configuration file. To configure TLS, use the TLS parameter in the rest block and in the grpc block.

To work with TLS for API:

  1. enable TLS in the node.api.grpc section of the node configuration file;

  2. obtain TLS artefacts:

    • obtain the keystore file named we.jks;

    • issue the we.cert client certificate;

    • import the client certificate into the trusted certificates storage.

     An example of the preparation of these artefacts is given in the following section.

  3. specify the relative path to the we.jks keystore file in the tls section of the node configuration file.

You will need the keytool utility included in the Java SDK or JRE to configure TLS.

tls section of the node configuration file

The tls section contains the following parameters:

tls {
  type = EMBEDDED
  keystore-path = ${node.directory}"/we_tls.jks"
  keystore-password = ${TLS_KEYSTORE_PASSWORD}
  private-key-password = ${TLS_PRIVATE_KEY_PASSWORD}
}
  • type – TLS mode. Possible options:

    • DISABLED – disabled, in this case other options should be excluded or commented out and

    • EMBEDDED – enabled, the certificate is signed by a node provider and packed within a JKS file (keystore); the certificate directory and keystore access parameters should be stated by a user in the fields below.

  • keystore-path – keystore relative path within the node directory: ${node.directory}"/we_tls.jks".

  • keystore-password – password for the node keystore. Specify the password you set earlier with the storepass flag for the keytool utility.

  • private-key-password – password for the private key. Specify the password you set earlier with the keypass flag for the keytool utility.
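The artefact preparation steps above can be carried out with keytool as in the following added example, which is not taken from the platform documentation. The alias we, the truststore file truststore.jks, the TRUSTSTORE_PASSWORD variable and the host name are assumptions, and the self-signed certificate produced by -genkeypair stands in for one signed by the node provider. Passwords are read from environment variables through keytool's :env modifier so that they do not appear in the process list.

```shell
#!/bin/sh
# Added example, not from the platform documentation. Assumed names: alias "we",
# truststore.jks, TRUSTSTORE_PASSWORD. All password values come from the environment.

# keytool rejects passwords shorter than 6 characters, so check before calling it.
check_tls_env() {
  for name in TLS_KEYSTORE_PASSWORD TLS_PRIVATE_KEY_PASSWORD TRUSTSTORE_PASSWORD; do
    eval "value=\${$name:-}"
    [ "${#value}" -ge 6 ] || { echo "$name unset or under 6 characters" >&2; return 2; }
  done
}

# make_tls_artifacts <dir> <keystore-file> <node-dns-name>
# The body is a subshell, so umask and the exports do not leak into the caller.
make_tls_artifacts() (
  dir=$1; keystore=$2; host=$3
  check_tls_env || exit 2
  command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; exit 3; }
  export TLS_KEYSTORE_PASSWORD TLS_PRIVATE_KEY_PASSWORD TRUSTSTORE_PASSWORD
  umask 077   # new keystore files are readable by their owner only

  # 1. Key pair and self-signed certificate in a JKS keystore.
  #    -storepass and -keypass here are the values the tls section refers to.
  keytool -genkeypair -alias we -keyalg RSA -keysize 3072 -validity 365 \
    -storetype JKS -keystore "$dir/$keystore" \
    -storepass:env TLS_KEYSTORE_PASSWORD -keypass:env TLS_PRIVATE_KEY_PASSWORD \
    -dname "CN=$host" -ext "SAN=dns:$host" || exit 1

  # 2. Export the certificate (public part only) as we.cert, PEM encoded.
  keytool -exportcert -alias we -rfc -file "$dir/we.cert" \
    -storetype JKS -keystore "$dir/$keystore" \
    -storepass:env TLS_KEYSTORE_PASSWORD || exit 1

  # 3. Import we.cert into the trusted certificates storage (assumed file name).
  keytool -importcert -noprompt -alias we -file "$dir/we.cert" \
    -storetype JKS -keystore "$dir/truststore.jks" \
    -storepass:env TRUSTSTORE_PASSWORD || exit 1
)

# Stand-alone use: sh tls_artifacts.sh run <dir> <keystore-file> <node-dns-name>
if [ "${1:-}" = "run" ]; then
  make_tls_artifacts "${2:-.}" "${3:-we_tls.jks}" "${4:-node-0.example.internal}"
fi
```

The keystore file name passed to the function is the one keystore-path must point to, and TLS_KEYSTORE_PASSWORD and TLS_PRIVATE_KEY_PASSWORD are the variables referenced by keystore-password and private-key-password in the tls section.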
