corda · paulmoloneyr3 · Apr 28, 2025 · Apr 24, 2025 · Apr 24, 2025 · Apr 24, 2025
@@ -45,7 +45,7 @@ Concepts and Overview
 * [The workflow]({{< relref "../../../../../en/platform/corda/1.2/cenm/workflow.md" >}})
 * [Databases]({{< relref "../../../../../en/platform/corda/1.2/cenm/database-set-up.md" >}})
 * [Public Key Infrastructure (PKI)]({{< relref "../../../../../en/platform/corda/1.2/cenm/pki-tool.md" >}})
-* [The node](../../../../../en/platform/corda/1.2/cenm/network-map.html#node-certificate-revocation-checking)
+* [The node]({{< relref "../../../../../en/platform/corda/1.2/cenm/network-map.md#node-certificate-revocation-checking" >}})
 * [Sub Zones]({{< relref "../../../../../en/platform/corda/1.2/cenm/sub-zones.md" >}})
 * [Network Map overview]({{< relref "../../../../../en/platform/corda/1.2/cenm/network-map-overview.md" >}})
 * [Certificate Revocation List]({{< relref "../../../../../en/platform/corda/1.2/cenm/certificate-revocation.md" >}})

@@ -23,7 +23,7 @@ It is used by nodes when they establish a TLS connection between each other and
 In order to add entries to the certificate revocation list there is the certificate revocation process that resembles
 the one from the certificate signing request (CSR).
 
-For context on how the certificate revocation list fits into the wider context, please see [Certificate Hierarchy Guide](pki-guide.md).
+For context on how the certificate revocation list fits into the wider context, please see [Certificate Hierarchy Guide]({{< relref "pki-guide.md" >}}).
 
 Note that, once added the entries cannot be removed from the certificate revocation list.
 
@@ -171,6 +171,6 @@ an up-to-date CRL is distributed in the network before the previous one expires.
 lifecycle of 6 months and are manually signed every 3 months. Such a schedule gives plenty of time for
 any signing issues to be resolved.
 
-See [Signing Services](signing-service.md) for details on building and signing CRLs, and especially the “updatePeriod”
-configuration field which is used to determine the next update deadline. See also [CRL Endpoint Check Tool](crl-endpoint-check-tool.md)
+See [Signing Services]({{< relref "signing-service.md" >}}) for details on building and signing CRLs, and especially the “updatePeriod”
+configuration field which is used to determine the next update deadline. See also [CRL Endpoint Check Tool]({{< relref "crl-endpoint-check-tool.md" >}})
 for more information how to check CRLs’ update deadlines.
@@ -18,7 +18,7 @@ title: Changelog
 # Changelog
 
 Here’s a summary of what’s changed in each Enterprise Network Manager release. For guidance on how to upgrade code from
-the previous release, see [Upgrading Corda Enterprise Network Manager](upgrade-notes.md).
+the previous release, see [Upgrading Corda Enterprise Network Manager]({{< relref "upgrade-notes.md" >}}).
 
 ## CENM 1.2
 

@@ -28,11 +28,11 @@ The host and port on which the service runs
 
 
 * **database**:
-See [CENM Database Configuration](config-database.md)
+See [CENM Database Configuration]({{< relref "config-database.md" >}})
 
 
 * **shell**:
-*(Optional)* See [Shell Configuration Parameters](config-shell.md)
+*(Optional)* See [Shell Configuration Parameters]({{< relref "config-shell.md" >}})
 
 
 * **localSigner**:
@@ -103,7 +103,7 @@ Whether a client should be attempt to reconnect if the connection is dropped.
 
 
 * **ssl**:
-See [SSL Settings](config-ssl.md)
+See [SSL Settings]({{< relref "config-ssl.md" >}})
 
 
 

@@ -28,11 +28,11 @@ The host and port on which the service runs
 
 
 * **database**:
-See [CENM Database Configuration](config-database.md)
+See [CENM Database Configuration]({{< relref "config-database.md" >}})
 
 
 * **shell**:
-*(Optional)*  See [Shell Configuration Parameters](config-shell.md)
+*(Optional)*  See [Shell Configuration Parameters]({{< relref "config-shell.md" >}})
 
 
 * **enmListener**:
@@ -52,7 +52,7 @@ Whether a client should be attempt to reconnect if the connection is dropped.
 
 
 * **ssl**:
-See [SSL Settings](config-ssl.md)
+See [SSL Settings]({{< relref "config-ssl.md" >}})
 
 
 
@@ -79,7 +79,7 @@ To which port it’s enmListener is bound
 
 
 * **ssl**:
-See [SSL Settings](config-ssl.md)
+See [SSL Settings]({{< relref "config-ssl.md" >}})
 
 
 
@@ -97,7 +97,7 @@ To which port it’s enmListener is bound
 
 
 * **ssl**:
-See [SSL Settings](config-ssl.md)
+See [SSL Settings]({{< relref "config-ssl.md" >}})
 
 
 

@@ -37,7 +37,7 @@ not the recommended deployment model outside of a testing setup.{{< /note >}}
 this service should be deployed (for more details on this see the Signing Service documentation), in brief, it is the
 intention that, unlike the Identity Manager, the signer is completely isolated from external communication. It only
 addresses a data source it shares with the Identity Manager. This ensure no hostile entity can penetrate the system
-and force the signing of a certificate. See [Signing Services](signing-service.md)
+and force the signing of a certificate. See [Signing Services]({{< relref "signing-service.md" >}})
 * The signed certificates are recognised by the Identity Manager and returned to the requesting node (Nodes poll the
 Identity Manager periodically to see if their signature request has been fulfilled).
 
@@ -82,7 +82,7 @@ one sub zone
 
 {{< /important >}}
 
-For more information, see [Sub Zones](sub-zones.md)
+For more information, see [Sub Zones]({{< relref "sub-zones.md" >}})
 
 
 ### Operating a Segregated Sub Zone

@@ -378,7 +378,7 @@ database = {
 
 
 {{< note >}}
-The [CENM Database Configuration](config-database.md) doc page contains a complete list of database specific properties.{{< /note >}}
+The [CENM Database Configuration]({{< relref "config-database.md" >}}) doc page contains a complete list of database specific properties.{{< /note >}}
 
 * The restricted CENM service instance database user has no permissions to alter a database schema, so `runMigration` is set to `false`.
 * The CENM distribution does not include any JDBC drivers with the exception of the H2 driver.

@@ -16,7 +16,7 @@ weight: 100
 
 # CENM Identity Manager Helm chart
 
-This Helm chart is to configure, deploy and run CENM [Identity Manager](identity-manager.md) service.
+This Helm chart is to configure, deploy and run CENM [Identity Manager]({{< relref "identity-manager.md" >}}) service.
 
 ## Example usage
 
@@ -62,4 +62,4 @@ helm install idman idman --set shell.password="superDifficultPassword"
 
 {{< /table >}}
 
-For additional information on database connection details refer to the official documentation: [database documentation](config-database.md).
+For additional information on database connection details refer to the official documentation: [database documentation]({{< relref "config-database.md" >}}).
@@ -16,7 +16,7 @@ weight: 300
 
 # CENM Network Map Helm chart
 
-This Helm chart is to configure, deploy and run CENM [Network Map](network-map.md) service.
+This Helm chart is to configure, deploy and run CENM [Network Map]({{< relref "network-map.md" >}}) service.
 
 ## Example usage
 
@@ -62,4 +62,4 @@ helm install nmap nmap --set shell.password="superDifficultPassword"
 
 {{< /table >}}
 
-For additional information on database connection details refer to the official documentation: [database documentation](config-database.md).
+For additional information on database connection details refer to the official documentation: [database documentation]({{< relref "config-database.md" >}}).
@@ -16,15 +16,15 @@ weight: 200
 
 # CENM Signer Helm chart
 
-This Helm chart is to configure, deploy and run CENM [Signing](signing-service.md) service.
+This Helm chart is to configure, deploy and run CENM [Signing]({{< relref "signing-service.md" >}}) service.
 
 As the initial step this chart runs automatically PKI tool which creates and stores certificates necessary for correct Corda Network operation.
 By default the certificates have sample X.500 subject names (e.g. Identity Manager certificate has the subject name “CN=Test Identity Manager Service Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US”). The subject name can be set by configuration options starting with `pki.certificates.` prefix.
 
 For more information about PKI Tool and Certificate Hierarchy refer to:
 
-* [Certificate Hierarchy Guide](pki-guide.md)
-* [PKI Tool](pki-tool.md)
+* [Certificate Hierarchy Guide]({{< relref "pki-guide.md" >}})
+* [PKI Tool]({{< relref "pki-tool.md" >}})
 
 ## Example usage
 

@@ -64,10 +64,10 @@ Each CENM service has its own dedicated folder with more detailed documentation.
 
 | Helm Chart                                         |
 | -------------------------------------------------- |
-| [Identity Manager](deployment-kubernetes-idman.md) |
-| [Signer](deployment-kubernetes-signer.md)          |
-| [Network Map](deployment-kubernetes-nmap.md)       |
-| [Corda Notary](deployment-kubernetes-notary.md)    |
+| [Identity Manager]({{< relref "deployment-kubernetes-idman.md" >}}) |
+| [Signer]({{< relref "deployment-kubernetes-signer.md" >}})          |
+| [Network Map]({{< relref "deployment-kubernetes-nmap.md" >}})       |
+| [Corda Notary]({{< relref "deployment-kubernetes-notary.md" >}})    |
 
 The charts are currently developed and tested against
 [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-gb/services/kubernetes-service/).
@@ -86,7 +86,7 @@ X.500 subject names (e.g. Identity Manager certificate subject is
 “CN=Test Identity Manager Service Certificate, OU=HQ, O=HoldCo LLC, L=New York, C=US”).
 The subject names of the whole PKI Certificate Hierarchy can be configured in
 the Signer Helm chart. For more information about Signer helm chart refer to
-[Signer](deployment-kubernetes-signer.md).
+[Signer]({{< relref "deployment-kubernetes-signer.md" >}}).
 
 There are three ways of bootstrapping a new CENM environment:
 
@@ -417,5 +417,5 @@ DATA/trust-stores/network-root-truststore.jks
 
 Visit CENM official documentation for more information about network parameters:
 
-- [Updating Network Parameters](updating-network-parameters.md)
-- [Network Parameters List](config-network-parameters.md)
+- [Updating Network Parameters]({{< relref "updating-network-parameters.md" >}})
+- [Network Parameters List]({{< relref "config-network-parameters.md" >}})
@@ -102,7 +102,7 @@ environments:
 * Postgres
 * SQL Server
 
-For details of supported versions and configuration, see [CENM Databases](database-set-up.md).
+For details of supported versions and configuration, see [CENM Databases]({{< relref "database-set-up.md" >}}).
 
 
 # Public Key Infrastructure (PKI)
@@ -114,7 +114,7 @@ By design, they only have the ability to talk *to* the other ENM components, the
 In addition, signing a CRR or CSR, and potentially the Network Parameters, *should* require a human to interact with
 the HSM via some manual authentication mechanism.
 
-See [Certificate Hierarchy Guide](pki-guide.md) for a detailed guide to PKI.
+See [Certificate Hierarchy Guide]({{< relref "pki-guide.md" >}}) for a detailed guide to PKI.
 
 
 # The Node

@@ -83,7 +83,7 @@ acting as clients of the network.
 ### SSL Certificate Configuring
 
 All components should be configured to use SSL with the following configuration block. More details can be found in
-[Identity Manager Configuration Parameters](config-identity-manager-parameters.md) and [Network Map Configuration Parameters](config-network-map-parameters.md).
+[Identity Manager Configuration Parameters]({{< relref "config-identity-manager-parameters.md" >}}) and [Network Map Configuration Parameters]({{< relref "config-network-map-parameters.md" >}}).
 
 ```docker
 ssl = {

@@ -81,7 +81,7 @@ The main elements that need to be configured for the Identity Manager are:
 
 
 {{< note >}}
-See [Identity Manager Configuration Parameters](config-identity-manager-parameters.md) for a detailed explanation about each possible parameter.
+See [Identity Manager Configuration Parameters]({{< relref "config-identity-manager-parameters.md" >}}) for a detailed explanation about each possible parameter.
 
 {{< /note >}}
 
@@ -138,7 +138,7 @@ database {
 {{< note >}}
 Due to the way the migrations are defined, if the Identity Manager and Network Map Services are using the same
 DB instance then they *must* use separate DB schemas. For more information regarding the supported databases
-along with the schema see [CENM Databases](database-set-up.md).
+along with the schema see [CENM Databases]({{< relref "database-set-up.md" >}}).
 
 {{< /note >}}
 
@@ -184,7 +184,7 @@ database {
 
 ### Embedded shell (optional)
 
-See [Shell Configuration](shell.html#shell-configuration) for more information on how to configure the shell.
+See [Shell Configuration]({{< relref "shell.md#shell-configuration" >}}) for more information on how to configure the shell.
 
 
 ### Issuance Workflow
@@ -267,12 +267,12 @@ workflows {
 }
 ```
 
-See [Workflow](workflow.md) for more information.
+See [Workflow]({{< relref "workflow.md" >}}) for more information.
 
 
 ###### Jira Project Configuration
 
-See [Jira Set-Up](jira-setup.md) for more information about how to configure a Jira project for CSR approval.
+See [Jira Set-Up]({{< relref "jira-setup.md" >}}) for more information about how to configure a Jira project for CSR approval.
 
 
 #### CSR Signing Mechanism
@@ -290,11 +290,11 @@ approval mechanism above, this can be achieved via one of two mechanisms:
 The local Signing Service is recommended for testing and toy environments. Given a local key store containing the
 relevant signing keys, it provides the functionality to automatically sign all approved CSRs on a configured schedule.
 No human interaction is needed and the credentials for the key stores have to be provided upfront. The service is an
-integrated signer that is a cut-down version of the standalone [Signing Services](signing-service.md) and provides no HSM integration or
+integrated signer that is a cut-down version of the standalone [Signing Services]({{< relref "signing-service.md" >}}) and provides no HSM integration or
 ability to manually verify changes. It is strongly recommended against using this for production environments.
 
 In order for the local signer to function, it needs to be able to access Identity Manager’s certificate and keypair
-which should have been previously generated (see [Certificate Hierarchy Guide](pki-guide.md) for more information). The local signer uses local
+which should have been previously generated (see [Certificate Hierarchy Guide]({{< relref "pki-guide.md" >}}) for more information). The local signer uses local
 key stores which should include the necessary signing keys along with their full certificate chains.
 
 To enable the local signer, the top level `localSigner` configuration block should be added to the config file:
@@ -317,7 +317,7 @@ signing any CSR requests along with the full certificate chain back to the root
 
 ##### External Signing Service
 
-The production grade signing mechanism is the external [Signing Services](signing-service.md). This has all the functionality of the
+The production grade signing mechanism is the external [Signing Services]({{< relref "signing-service.md" >}}). This has all the functionality of the
 integrated local signer as well as HSM integration and the ability for a user to interactively verify and sign incoming
 CSRs. It should be used in all production environments where maximum security and validation checks are required.
 
@@ -357,7 +357,7 @@ This parameter can be omitted if desired, in which case it will default to port
 
 {{< /note >}}
 {{< note >}}
-All inter-service communication can be configured with SSL support. See [Configuring the ENM services to use SSL](enm-with-ssl.md).
+All inter-service communication can be configured with SSL support. See [Configuring the ENM services to use SSL]({{< relref "enm-with-ssl.md" >}}).
 
 {{< /note >}}
 
@@ -479,7 +479,7 @@ workflows {
 }
 ```
 
-See [Workflow](workflow.md) for more information.
+See [Workflow]({{< relref "workflow.md" >}}) for more information.
 
 
 #### CRR Signing Mechanism
@@ -501,7 +501,7 @@ Identity Manager. That is, the same key used for signing approved CSRs will be u
 
 ##### External Signing Service
 
-Also similarly to CSR signing, the production grade signing mechanism for CRRs is the external [Signing Services](signing-service.md).
+Also similarly to CSR signing, the production grade signing mechanism for CRRs is the external [Signing Services]({{< relref "signing-service.md" >}}).
 This has all the functionality of the integrated local signer as well as HSM integration and the ability for a user to
 interactively verify and sign incoming CRRs. It should be used in all production environments where maximum security and
 validation checks are required.
@@ -537,7 +537,7 @@ This parameter can be omitted if desired, in which case it will default to port
 
 {{< /note >}}
 {{< note >}}
-All inter-service communication can be configured with SSL support. See [Configuring the ENM services to use SSL](enm-with-ssl.md).
+All inter-service communication can be configured with SSL support. See [Configuring the ENM services to use SSL]({{< relref "enm-with-ssl.md" >}}).
 
 {{< /note >}}
 
@@ -709,7 +709,7 @@ shell {
 Below is an example of a more production-like configuration of the Identity Manager. It is configured with a Issuance
 and Revocation workflow, using Jira workflows for CSR/CRR approvals, no local signer and also using SSL for secure
 communication between ENM services. In this scenario, all approved requests would be signed using an external signing
-service (see [Signing Services](signing-service.md)).
+service (see [Signing Services]({{< relref "signing-service.md" >}})).
 
 ```docker
 address = "localhost:10000"

@@ -193,8 +193,8 @@ parameters change.
 * **whitelistedContractImplementations**:
 List of whitelisted versions of contract code. For each contract class there is a
 list of hashes of the approved CorDapp jar versions containing that contract. Read
-more about *contract constraints* in the [contract constraints doc](https://docs.corda.net/api-contract-constraints.html). See
-[Contract Whitelist Generation](contract-whitelisting.md) for how to configure this in the network parameters
+more about *contract constraints* in the [contract constraints doc](https://docs.r3.com/api-contract-constraints.html). See
+[Contract Whitelist Generation]({{< relref "contract-whitelisting.md" >}}) for how to configure this in the network parameters
 configuration file.