Zone Service Configuration Parameters
The configuration references for the Zone Service are given below:
database: See CENM Database Configuration
enmListener: Information about the way the service communicates with the rest of the CENM deployment.
host: (Optional) The host or IP of the service.
port: The port that the service binds to, and other CENM components it connects to.
reconnect: Determines if a client should attempt to reconnect if the connection is dropped.
Thesslconfiguration is not present in theenmListener, as the Zone Service uses the same TLS configuration for both CENM and admin listening sockets.adminListener: A configuration property you must define in order to use the RPC API in the Zone Service. You can add
port,reconnect, andverbose. Also, this property has an SSL field - for more information, see SSL Settings.host: (Optional) The host or IP of the Admin RPC service.
port: Port number to listen to for Admin RPC connections.
verbose: (Optional) Enables verbose logging for the socket layer. Defaults to
false.reconnect: (Optional) Determines if a client should attempt to reconnect if the connection is dropped. Defaults to
true.ssl: See SSL Settings for details.
authServiceConfig: The admin RPC interface requires an Auth Service to verify requests, which must be configured below in an
authServiceConfigblock. Typically, this is provided automatically by the Zone Service (via an Angel Service). However, the parameters are detailed below for reference:host: The hostname of the Auth Service. Required unless authentication is disabled.
port: The port number of the Auth Service. Required unless authentication is disabled.
trustStore: Trust store configuration for the SSL PKI root of trust.
location: The location in the file system of the keystore containing the Auth Service root of trust.
password: The password for the trust root keystore.
issuer: The "iss" claim in the JWT - you must set the same value as in the Auth Service’s configuration. Required unless authentication is disabled.
leeway: Defines the amount of time, in seconds, allowed when checking JSON Web Token (JWT) issuance and expiration times. Required unless authentication is disabled. R3 recommends a default time of 10 seconds.
Obfuscated configuration files
To view the latest changes to the obfuscated configuration files, see Obfuscation configuration file changes.
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.