PKI Specifications
As described in the Certificate Hierarchy Guide, Corda security relies heavily on the use of Public Key Infrastructure (PKI). Whether creating this hierarchy using the PKI Tool or setting up a Corda network on your own, your PKI must comply with existing Corda specifications.
Specifications and instructions are referenced here for the four scenarios below. Follow these guidelines to successfully create a Corda-compliant hierarchy for your own use or to pass on to a third-party service.
Generating root, subordinate, and network certificates
For instructions on generating certificates, see the PKI Tool documentation.
Setting up a network under an existing root
If you wish to set up a Corda network under an existing root and therefore are not using the PKI Tool, the certificate hierarchy you create should follow the guidelines specified in the Certificate Hierarchy Guide. You may also find it helpful to reference the Corda network policies.
Delegating network signing to a third party
If you wish to delegate network signing to a third-party software provider, this can be done partially (with the Certificate Authority only) or fully (with the Certificate Authority and the non-Certificate Authority).
Use a signing plugin to delegate this task to a third-party software provider. See the Developing Signing Plugins and the EJBCA Sample Plugin documentation for guidance on creating a plugin that suits your needs.
Using your own Certificate Authority software
To set up a Corda network using your own Certificate Authority software, use a signing plugin. A signing plugin acts as a bridge between CENM services and one or more Signing Services. See the Developing Signing Plugins and the EJBCA Sample Plugin documentation for guidance on creating a plugin that suits your needs.