TLS on AdminAPI

Arne_Gebert · February 2, 2022, 9:41pm

Apologies I made a mistake - the TLS configuration for remote consoles is indeed slightly different than for in-process consoles. Something like the following should work:

participant1 {
      admin-api {
        address = localhost
        port = 5012
        tls {
          trust-collection-file = "./adminapitls/root.cert"
          client-cert = {
              cert-chain-file = "./adminapitls/client.cert"
              private-key-file = "./adminapitls/client.key"
            }
          }
        }
      ledger-api.port = 5011
      ledger-api.address = localhost
    }

I also added a note about this to the end of the TLS configuration section. Your understanding of the client-side/server-side for TLS in Canton is correct.

Best,
Arne

Topic		Replies	Views
Canton High Availability TLS configuration Questions ledger-api , canton	5	371	February 17, 2023
Configuring TLS on Participant Canton Network canton	12	68	February 13, 2025
Questions about the nature of Canton keys with an external GCP KMS + recommended best practice for key provisioning Questions canton , security , kms	2	35	September 25, 2024
Access Token configuration for Canton console Questions canton	2	353	March 18, 2022
DAR file uploaded through canton remote console Questions canton	4	461	July 4, 2022

TLS on AdminAPI

Related topics