Explanation needed regarding External Participant Config

[MarkusPfundstein]

Hi everyone,

I am trying to configure Keyrock to act as an AR. However I have some trouble getting the config right. The docs are not really helpful.

Assume the config.pr:

config.pr = {
    url: "https://mw.i4trustsat.ishareworks.nl",
    id: "EU.EORI.NLi4TRUSTSAT",
    parties_endpoint: undefined,
    token_endpoint: undefined,
    client_id: "EU.EORI.NL03000023",
    client_key: undefined,
    client_crt: undefined
}

My questions:

• What precisely is an external participant? Is it an iShare Satelite instance?
• Where does url have to point to? To the iShare satelite base URL? (I assume because of the two endpoints)
• If no, what does id need to be?
• How must client_key look like?
• How must client_crt look like?
• Is it the same cert as the one from the EORI indicated by client_id and retrieved from iShare satelite?

Thanks
Markus

[MarkusPfundstein]

So far I figured out that client_key and client_crt must look as follows:

client_key: "-----BEGIN PRIVATE KEY-----\n<YOUR PRIVATE KEY\n-----END PRIVATE KEY-----",
client_crt: "-----BEGIN CERTIFICATE-----\n<YOUR CERT\n-----END CERTIFICATE-----"

I assume its from the Entitled Party. Could that be?