Re: Update expired orderer org admin certificate and orderer certs #fabric-questions #fabric-orderer #signcerts #fabric

Mattia Bolzonella

Hi Ramesh, 
1: In my situation I had all the certs expired, both admin (peer and orderers), TLS and MSP certs.
2: You need to sign with old certs in orderer tu run the update, if I recall correctly the ORDERER_GENERAL_AUTHENTICATION_NOEXPIRATIONCHECKS=true (in the docker compose file of the orderer) should get the job done --tlsHandshakeTimeShift x where x is an amount of time greater than the expired time, in your case should be > 1211h. Try with this and the update should run smoothly.
3: I wasn't sure about the cluster parameter, in any case they are well documented here: official documentation.
I set the parameteres in the docker compose yaml file for every orderer commenting out to disable the paramenter and restart with docker compose up

Join to automatically receive all group messages.