|Corda Network Foundation||Document history|
Joining Corda Network
The below gives a high-level guide on the steps required to join Corda Network. However, we have found that many of our users are joining Corda Network as part of a wider group or business network, so far - and the process can be modified where a group is joining together.
Firstly, Corda Network participation requires each node to possess a recognised Certificate Authority (CA) signed certificate (“Participation Certificate”), which is used to derive other digital certificates required (such as legal entity signing certificates and TLS certificates).
Identity certificates must be issued by the Corda Network Identity Service, which guarantees that the identity listed on the certificate is uniquely held by a single party within the network.
A high-level outline of steps to join the Network is listed below. This assumes that Participants wish to operate a node and already have access to at least one CorDapp which they wish to deploy. A more detailed step-by-step guide will soon be available.
Step 1. Obtain Corda software - either the Enterprise version, via a Corda representative, or the open source version available through github under an Apache 2 license. There is further guidance available on Corda Docs for getting set up on Corda.
Step 2. Whitelist the IP address(es) associated with the Corda deployment, prior to raising Certificate Signing Requests (CSRs). Send to email@example.com.
Step 3. For the time being, request the trust root certificate from Identity Service by mailing firstname.lastname@example.org, which will be sent back as a truststore.jks file. In future, the Corda Network trust root will be packaged in the software distribution.
Step 4. Start the node - where applicable, with help from a Corda representative.
Step 5. Configure the node – a node.conf file must be included in the root directory of every Corda node. This includes: specifying an email address in relation to the certificate signing request as well as choosing a distinguished name.
The email address is only retained by the Operator for the purposes of contact in relation to identity checks and any administrative issues.
Step 6. Run the initial registration.
Once the node.conf file is configured, the following should be typed to the command line
- Indirect model: A Business Network Operator (BNO) may request approval for a certificate on behalf of Participants in its Business Network.
Step 8. Identity Service verification checks – upon receipt of a CSR, a number of identity-related checks will be conducted, before issuing a certificate, including email and legal entity checks.
Identity checks do not constitute formal Know Your Customer (KYC) or Enhanced Due Diligence (EDD) checks. Node operators and their users are responsible for carrying out appropriate due diligence on any participant in relation to transactions performed via Corda Network.
Step 9. Once identity checks have been completed, a signed node CA certificate will be released by the Operator to the node. A node in polling mode will automatically download and install the certificate in its local trust store. It will also automatically generate additional identity and TLS certificates from the node CA certificate, which are required for subsequent operation of the node.
At this point, the node will terminate and will need to be restarted. Type “java -jar
Billing details will be gathered, for a participation fee invoice, during this process. This will depend on if they are taking part in the indirect or direct model.