3.3.3. Update encrypted communication between nodes

This chapter describes how to update certificates used for inter-node communication.

Note

When you deploy mijin Catapult(v.2) via AWS Marketplace, the initial data is backed up in the AWS Systems Manager Parameter Store.
The following parameter values are changed by the update, so the values on the node will differ from those in the AWS Systems Manager Parameter Store.
This difference does not affect operation.
・/Crown name specified at deploy time/shares/new-cert/each node/CA/[*].pem
・/Crown name specified at deploy time/shares/nemesis_addresses_harvesting.json
・/Crown name specified at deploy time/shares/nemesis_addresses_harvesting_voting.json
・/Crown name specified at deploy time/shares/nemesis_addresses_harvesting_vrf.json

Created: October 11, 2022

Updated: October 11, 2022

3.3.3.1. mijin Catapult(v.2) encrypted communication between nodes

mijin Catapult(v.2) nodes communicate with each other over SSL-encrypted connections using TLS 1.3 on TCP port 7900, and a node only communicates with peers it recognizes as correct nodes.
For this SSL communication, a self-signed certificate is applied to each node, and each node pre-registers the KeyPair public key of every node's self-signed certificate.
The KeyPair created from this self-signed certificate is also used as the authorized account that can generate the blockchain.

3.3.3.2. How to renew a node’s SSL certificate

The procedure for updating the SSL certificates used between nodes is as follows:
  1. Create the CA and the signed node SSL certificate (used for communication between nodes).

  2. Retrieve the private key from the KeyPair of the SSL certificate created in step 1, and issue a transaction to enable block generation for the node on the mijin Catapult(v.2) blockchain.

  3. Create a private key and a dat file for finalization tied to the private key from step 2, and issue a transaction to tie it to the private key from step 2.

  4. Replace the SSL certificate and dat file on the relevant node.

  5. In the configurations of all nodes, replace the public key of the target node with the key from step 2.
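
Steps 4 and 5 belong together because every peer pre-registers each node's public key, and a renewed certificate comes with a new KeyPair. The following sketch is an added example, not mijin tooling or part of the mijin procedure: it uses throwaway OpenSSL certificates and a hypothetical one-fingerprint-per-line allowlist (`peers.txt`) to show a renewed certificate being rejected until the registered key is replaced. The function names, file names, RSA key type and SHA-256 fingerprint format are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not mijin tooling. Assumed for illustration: file names,
# RSA throwaway certs, and a one-fingerprint-per-line allowlist of peer keys.

# Create a self-signed certificate with a fresh key pair (constructed test data).
make_cert() {  # $1 = output prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key.pem" -out "$1.crt.pem" 2>/dev/null
}

# Print the SHA-256 of the certificate's DER-encoded public key.
pubkey_fingerprint() {  # $1 = certificate PEM
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the certificate's public key is on the allowlist.
is_registered() {  # $1 = certificate PEM, $2 = allowlist file
  fp=$(pubkey_fingerprint "$1") || return 1
  [ -n "$fp" ] && grep -qxF "$fp" "$2"
}

# On one peer, swap a node's old registered key for its new one (step 5).
replace_registration() {  # $1 = allowlist, $2 = old cert, $3 = new cert
  old=$(pubkey_fingerprint "$2") || return 1
  new=$(pubkey_fingerprint "$3") || return 1
  { grep -vxF "$old" "$1" || true; } > "$1.tmp"
  echo "$new" >> "$1.tmp" && mv "$1.tmp" "$1"
}

# Walk through a renewal and report what a peer would decide at each point.
renewal_demo() {
  d=$(mktemp -d) || return 1
  make_cert "$d/old" node1 || return 1
  make_cert "$d/new" node1 || return 1                  # renewal: new key pair
  pubkey_fingerprint "$d/old.crt.pem" > "$d/peers.txt"  # key peers already hold
  if is_registered "$d/new.crt.pem" "$d/peers.txt"; then r1=accepted; else r1=rejected; fi
  replace_registration "$d/peers.txt" "$d/old.crt.pem" "$d/new.crt.pem"
  if is_registered "$d/new.crt.pem" "$d/peers.txt"; then r2=accepted; else r2=rejected; fi
  if is_registered "$d/old.crt.pem" "$d/peers.txt"; then r3=accepted; else r3=rejected; fi
  rm -rf "$d"
  echo "before_step5=$r1 after_step5=$r2 old_key=$r3"
}

renewal_demo
```

Running `is_registered` against each peer's real key list after a renewal is a quick way to find a node whose configuration still holds the old key.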

Warning

As of 2022/10, the procedure for renewing SSL certificates is complex and varies from environment to environment, so please contact mijin Support.
In the future, we plan to provide an easy way to update the data with tools.