TRUST

You can view and edit your TRUST configuration under the 'TRUST' tab.

TRUST VASP configuration

Configure your VASP

VASP Configuration Settings

The VASP Legal Name field is used to identify the VASP. For example, 'Tangany'.

VASP LEI

The LEI (Legal Entity Identifier) field is a unique identifier for your VASP, you can register for this on the Global Legal Entity Identifier Foundation (GLEIF) website or, for testing purposes, use our LEI Generator. The owner of the VASP or a representative should present you with their LEI; however, the LEI registry is also public.

Note that this needs to match the value that you provided to TRUST during your onboarding.

Default Counterparty Status

When VASPs are fetched from the TRUST network for the first time, they will receive this counterparty status. "Trusted" means you will be able to transact with them without manual vetting. "Blocked" means you will have to approve them on an individual basis after having performed counterparty due diligence.

TLS Server Identity (optional)

The TLS Server Identity is the PEM-encoded identity used by your TRUST PII server for incoming mTLS connections. It must include a certificate chain and exactly one private key, and the certificate must be valid for server authentication. During initial setup you must provide it; on later updates you can leave it empty to keep the existing server identity. See Obtaining Certificates for a basic certificate ordering guide.

mTLS Client Identity (optional)

The mTLS Client Identity is the PEM-encoded identity used for outgoing TRUST connections (for example to the TRUST bulletin board). It must include a certificate chain and exactly one private key, and the certificate must be valid for client authentication. During initial setup you must provide it; on later updates you can leave it empty to keep the existing client identity. If the certificate signals suitable combined client and server authentication, this may be identical to the Server Identity above. See Obtaining Certificates for a basic certificate ordering guide.

Decryption Key (optional)

The PII payloads other VASPs send to you is encrypted with the public key that you submitted to the VASP network. Here, you can update the corresponding decryption private key if necessary. If you don't supply one in the initial configuration, a keypair will be generated for you. The corresponding public key can then be submitted to the TRUST network for onboarding.