gatewaykeyStores = { "tls-crl-signer-key-store" = { type = LOCAL file = "./key-stores/corda-tls-crl-signer-keys.jks" password = "password" } "corda-ssl-identity-manager-keys" = { type = LOCAL file = "./key-stores/corda-ssl-identity-manager-keys.jks" password = "password" } "corda-ssl-network-map-keys" = { type = LOCAL file = "./key-stores/corda-ssl-network-map-keys.jks" password = "password" } "corda-ssl-root-keys" = { type = LOCAL file = "./key-stores/corda-ssl-root-keys.jks" password = "password" } "corda-ssl-signer-keys" = { type = LOCAL file = "./key-stores/corda-ssl-signer-keys.jks" password = "password" } "gateway-ssl-key-store" = { type = LOCAL file = "./key-stores/gateway-ssl-keys.jks" password = "password" } "gateway-private-ssl-key-store" = { type = LOCAL file = "./key-stores/gateway-private-ssl-keys.jks" password = "password" } "corda-ssl-auth-keys" = { type = LOCAL file = "./key-stores/corda-ssl-auth-keys.jks" password = "password" } } certificatesStores = { "network-root-trust-store" = { file = "./trust-stores/network-root-truststore.jks" password = "trustpass" } "corda-ssl-trust-store" = { file = "./trust-stores/corda-ssl-trust-store.jks" password = "trustpass" } } certificates = { "cordatlscrlsigner" = { key = { type = LOCAL includeIn = ["tls-crl-signer-key-store"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = true keyUsages = [CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = true subject = "CN=Test TLS Signer Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["network-root-trust-store"] crl = { crlDistributionUrl = "http://crl.example.org:11000/certificate-revocation-list/tls" indirectIssuer = true issuer = "CN=Corda TLS Signer Certificate, OU=Corda, O=R3 HoldCo LLC, L=New York, C=US" file = "./crl-files/tls.crl" } }, "cordasslrootca" = { key = { type = LOCAL includeIn = ["corda-ssl-root-keys"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = true keyUsages = [DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = true subject = "CN=Test SSL Root CA Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] crl = { crlDistributionUrl = "http://crl.example.org:11000/certificate-revocation-list/sslroot" file = "./crl-files/sslroot.crl" } }, "cordasslidentitymanager" = { key = { type = LOCAL includeIn = ["corda-ssl-identity-manager-keys"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Identity Manager SSL Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] }, "cordasslnetworkmap" = { key = { type = LOCAL includeIn = ["corda-ssl-network-map-keys"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Network Map SSL Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] }, "cordasslsigner" = { key = { type = LOCAL includeIn = ["corda-ssl-signer-keys"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Signer SSL Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] }, "cordasslauth" = { key = { type = LOCAL includeIn = ["corda-ssl-auth-keys"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE, KEY_CERT_SIGN, CRL_SIGN] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Auth SSL Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] }, "gateway" = { key = { type = LOCAL includeIn = ["gateway-ssl-key-store"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Gateway TLS Signer Certificate, OU=Corda, O=R3 HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] }, "gateway-private" = { key = { type = LOCAL includeIn = ["gateway-private-ssl-key-store"] algorithm = "ECDSA_SECP256R1_SHA256" password = "password" } isSelfSigned = false signedBy = "cordasslrootca" keyUsages = [DIGITAL_SIGNATURE] keyPurposes = [SERVER_AUTH, CLIENT_AUTH] validDays = 7300 issuesCertificates = false subject = "CN=Test Gateway Private TLS Signer Certificate, OU=Corda, O=R3 HoldCo LLC, L=New York, C=US" includeIn = ["corda-ssl-trust-store"] } }