GTR Travel Rule Provider
The GTR Travel Rule Provider was added to CAS in version 20251001.
This Provider is an open alliance and available to all users.
Configuration Overview
- A) Create a GTR profile
- B) Create a reverse proxy server
- C) Create a certificate request file (CSR) and Private Key
- D) Create the GTR API key
- E) Install the GTR API credentials
- F) Configure the CAS API for Global Travel Rule.
- G) Test the configuration.
- H) Configure the Travel Rule Settings in CAS
A) Create a GTR profile
The files downloaded in this step will be needed later (below), in: Install the GTR API credentials
Navigate to: https://www.globaltravelrule.com/en/account/sign-up
Sign up for an account.
Receive your VASP code (used in Step D below).
B) Create a reverse proxy server
A reverse proxy must be configured to receive the incoming communication from GTR.
Specific reverse proxy instructions: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/4504944641
The Reverse Proxy must be functioning before moving forward.
The chosen subdomain must be used in the CSR generated in the next step.
C) Create a certificate request file (CSR) and Private Key
These 2 files are created from your Linux CLI or CAS console in the current working directory. Switch to the desired folder in the CLI before executing this command:
openssl req -new -newkey rsa:4096 -nodes -keyout PRIVATE.key -out CSR.csr
You’ll be asked for the certificate details. Provide accurate information that aligns with your company. The CSR is required for a PRODUCTION API key (versus TESTING).
Mistake? Just repeat the process.
The 2 files are created in the current folder:
PRIVATE.key
CSR.csr
IMPORTANT: Common Name
Input any subdomain name!
Example: gtr.yourcasdomain.com
This field identifies the domain for the callback service, so verify the domain is correctly mapped to your callback server.
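An added example (not part of the original GTR or CAS instructions): a check to run before uploading the CSR, confirming that it was generated from PRIVATE.key, that its Common Name is the callback subdomain, and that the unencrypted key is not readable by other users. The function name check_csr and the script name check_csr.sh are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload check for the files created in Step C.
# check_csr KEY CSR EXPECTED_CN  -> returns 0 only if every check passes.
check_csr() {
    key=$1; csr=$2; expected_cn=$3

    # 1. The CSR's self-signature must verify. The exit status of
    #    "openssl req -verify" differs between OpenSSL releases, so match text.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR signature does not verify" >&2; return 1
    fi

    # 2. The CSR must carry the public half of this private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR was not generated from $key" >&2; return 1
    fi

    # 3. The Common Name must be the callback subdomain from Step B.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$expected_cn" ]; then
        echo "FAIL: Common Name is '$cn', expected '$expected_cn'" >&2; return 1
    fi

    # 4. -nodes leaves the key unencrypted: no group/other access allowed.
    case $(ls -ld "$key") in
        -r?-------*) ;;
        *) echo "FAIL: $key is accessible to group or others" >&2; return 1 ;;
    esac

    echo "OK: CSR matches $key, CN=$cn"
}

# Usage: sh check_csr.sh PRIVATE.key CSR.csr gtr.yourcasdomain.com
if [ "$#" -eq 3 ]; then check_csr "$@"; fi
```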
D) Create the GTR API key
GTR forces you to engage the API in 2 steps. First, you have to implement the “test” environment, THEN after you are approved by GTR, you may implement the “production” environment. Each step is slightly different and both are outlined for clarity.
1. TEST ENVIRONMENT
Log in to GTR & navigate to: Travel rule Info → Create API key
Purpose for the API key creation: Test Environment Usage
Download the zip folder named: “Test_env_key_and_certificate”
Extract the compressed files from that folder:
Api key
certificate.pem
client-truststore.pem
privateKey.pem
Navigate to Setting → Public key.
Add Public key for Test Environment Usage.
It will create a file named key_pair_XXXX.zip,
which must be extracted to obtain the Public and Private keys.
Add your CAS host IP address for Test env.
2. PRODUCTION ENVIRONMENT
Log in to GTR & navigate to: Travel rule Info → Create API key
Select Purpose for the API key creation: Production Environment Usage
Upload the CSR file you created in Step C (above).
Download the zip file named: “key_and_certificate”
Extract the compressed files from that file:
Api key
certificate.pem
client-truststore.pem
privateKey.pem
Navigate to Setting → Public key.
Add Public key for Test Environment Usage.
It will create a file named key_pair_XXXX.zip,
which must be extracted to obtain the Public and Private keys.
Add your CAS host IP address for Test env.
E) Install the GTR API credentials
The credentials you downloaded in (previous) Step D must now be placed in their required folders. This process will vary depending upon where you downloaded it, the name you gave it, and the OS you’re using. There is no single valid command to illustrate the process, but they must be extracted/decompressed and available in their native formats for this step.
Create a directory named certs in: /etc/nginx and restrict the folder permissions:
sudo mkdir /etc/nginx/certs
sudo chmod 0700 /etc/nginx/certs
Move the extracted files: certificate.pem, client-truststore.pem and privateKey.pem to that folder on the CAS host.
Set the correct permissions and protect the files:
sudo chown -R root:root /etc/nginx/certs
sudo sh -c 'chmod 0600 /etc/nginx/certs/*'
The chmod is run through a root shell because /etc/nginx/certs is readable only by root, so a non-root shell cannot expand the * wildcard.
Lastly, restart CAS. See: https://generalbytes.atlassian.net/wiki/x/ToC1O
F) Configure the CAS API for Global Travel Rule.
Navigate to: CAS → Travel rule → Providers → Add
Global Travel Rule Provider should now be listed as an option.
Using the files from this step (above): Create a GTR profile
Add the Public and Private key from your key_pair_XXXX file,
Client ID and Client Secret from your API key.csv file,
Client ID = Access key,
Client secret = Secret key
VASP DID is the VASP listed in your profile at GTR.
Save it.
G) Test the configuration.
Use TEST CONFIGURATION to verify all is set correctly.
H) Configure the Travel Rule Settings in CAS
See:
https://generalbytes.atlassian.net/wiki/x/AYCACwE
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/4066672644