Installation and usage of the platform
Precise platform configuration: TLS¶
To work with smart contracts, the node uses two connection types, for each of which you can configure TLS: docker-TLS and API connection.
Note
The TLS protocol is not available in the opensource version of the platform.
You can configure TLS for gRPC and REST API for each node using the gRPC and REST API operation parameters in the api section of the node configuration file. To configure TLS, use the TLS parameter in the rest block and in the grpc block.
To work with TLS for API:
enable TLS in the node.api.grpc section of the node configuration file;
obtain TLS artefacts:
obtain keystore file named
we.jks;issue
we.certclient certificate;import the client certificate into the trusted certificates storage.
An example of the preparation of these artifacts is given in the following section:
specify the relative path to the
we.jkskeystore file in thetlssection of the node configuration file.
You will need the keytool utility included in the Java SDK or JRE to configure TLS.
tls section of the node configuration file¶
The tls section contains the following parameters:
tls {
type = EMBEDDED
keystore-path = ${node.directory}"/we_tls.jks"
keystore-password = ${TLS_KEYSTORE_PASSWORD}
private-key-password = ${TLS_PRIVATE_KEY_PASSWORD}
}
type– TLS mode. Possible options:DISABLED– disabled, in this case other options should be excluded or commented out andEMBEDDED– enabled, the certificate is signed by a node provider and packed within a JKS file (keystore); the certificate directory and keystore access parameters should be stated by a user in the fields below.
keystore-path– keystore relative path within the node directory:${node.directory}"/we_tls.jks".keystore-password– password for the node keystore. Specify the password you set earlier with thestorepassflag for the keytool utility.private-key-password– password for the private key. Specify the password you set earlier with thekeypassflag for the keytool utility.