Installation and usage of the platform
Precise platform configuration: TLS¶
To work with smart contracts, the node uses two connection types, for each of which you can configure TLS: docker-TLS and API connection.
Note
The TLS protocol is not available in the opensource version of the platform.
You can configure TLS for gRPC and REST API for each node using the gRPC and REST API operation parameters in the api
section of the node configuration file. To configure TLS, use the TLS
parameter in the rest block and in the grpc block.
To work with TLS for API:
enable TLS in the node.api.grpc section of the node configuration file;
obtain TLS artefacts:
obtain keystore file named
we.jks
;issue
we.cert
client certificate;import the client certificate into the trusted certificates storage.
An example of the preparation of these artifacts is given in the following section:
specify the relative path to the
we.jks
keystore file in thetls
section of the node configuration file.
You will need the keytool utility included in the Java SDK or JRE to configure TLS.
tls
section of the node configuration file¶
The tls
section contains the following parameters:
tls {
type = EMBEDDED
keystore-path = ${node.directory}"/we_tls.jks"
keystore-password = ${TLS_KEYSTORE_PASSWORD}
private-key-password = ${TLS_PRIVATE_KEY_PASSWORD}
}
type
– TLS mode. Possible options:DISABLED
– disabled, in this case other options should be excluded or commented out andEMBEDDED
– enabled, the certificate is signed by a node provider and packed within a JKS file (keystore); the certificate directory and keystore access parameters should be stated by a user in the fields below.
keystore-path
– keystore relative path within the node directory:${node.directory}"/we_tls.jks"
.keystore-password
– password for the node keystore. Specify the password you set earlier with thestorepass
flag for the keytool utility.private-key-password
– password for the private key. Specify the password you set earlier with thekeypass
flag for the keytool utility.