Gateway Service

The Gateway Service acts as common entry point for remote management of Corda Nodes as well as networks using CENM - either using the available command-line tools or via the web applications hosted by the Gateway.

Install the Gateway Service

You can install the Gateway Service by installing the Gateway Service .jar file:

java -jar gateway-service.jar -f config.conf

Configure the Gateway Service

When you configure the Gateway Service, you need to:

  1. Specify the endpoint where the Auth Service is exposed - this must match the IP or host name of the machine/VM/container and the port that is configured in the Auth Service config file.

  2. Specify the SSL configuration for connecting to the Auth Service. You can do this using the PKI tool.

  3. Your authentication credentials, as specified in your Auth Service configuration.

  4. Your Zone Service address.

You can create a configuration file as shown in the sample, and then add this to your CENM services using the command line commands below.

# Configuration dependent on the Auth service install
auth {
    # This is the endpoint where the auth service is exposed, should be the IP or host name of
    # the machine/VM/container and the port that was configured in the auth service conf file
    serverUrl = "https://auth-service:8081/"
    # SSL config for connecting to the auth service
    # Should be the same trust store that is used when configuring the auth service
    # Generally generated by the PKI Tool
    sslConfig = {
        trustStore = "/usr/gateway/certificates/corda-ssl-trust-store.jks"
        trustStorePassword = "trustpass"
    # Client credentials that were configured in the auth service conf file like so:
    # clientConfig = {
    #   clients = [
    #       {
    #           clientId = "gateway1"
    #           clientSecret = "secret1"
    #           scopes = [
    #               "accounts:admin"
    #           ]
    #           audience = [
    #               "zone",
    #               "network-map",
    #               "identity-manager"
    #           ]
    #       }
    #   ]
    clientCredentials = {
        clientId = "gateway1"
        clientSecret = "secret1"

# application-specific configuration should go here

# port to bind to (defaults to 8080)
server {
    port = 8080

Manage Gateway Service configuration

Name of the distribution: gateway-service.jar

Command line arguments:

  • -v, --verbose - If set, prints logging to the console as well as to a file.
  • --logging-level= - Enable logging at this level and higher. Defaults to INFO. Possible values: OFF, INFO, WARN, TRACE, DEBUG, ERROR, ALL
  • -f, --config-file= --config-obfuscation-passphrase[=] - The passphrase used in the key derivation function when generating an AES key
  • --config-obfuscation-seed[=] - The seed used in the key derivation function to create a salt
  • -h, --help
  • -V, --version

Installing applications onto the Gateway Service