Re: Starting Fabric-CA without providing any root certificate #fabric-ca


Gari Singh <garis@...>
 

To be clear, the root certificate is actually not the same although the CN will always be the same unless you actually change it in the config.
You can run `fabric-ca-server init` to generate a default config and then edit the "csr" section of the config.

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: "shrugupt via Lists.Hyperledger.Org"
Sent by: fabric@...
Date: 10/24/2019 02:30AM
Cc: fabric@...
Subject: [EXTERNAL] [Hyperledger Fabric] Starting Fabric-CA without providing any root certificate

Hi All,

I am using Fabric-CA to generate enrollment and TLS certificates. I am using below command to start the Fabric-CA:

fabric-ca-server start -b admin:adminpw --port 7054

I am not providing any root certificate keypair to Fabric-CA.

Fabric-CA is getting started successfully but I am seeing that Root Certificate is always the same. So, if I have started 2 instances of Fabric-CA- 1 for orderer org and 1 for peer org- root certificate is same for both the organizations. This behavior is consistently same.

Is it mandatory to supply a root certificate to Fabric-CA while starting it? Does it not generate a different root certificate on its own? Am I missing any step?

Thanks & Regards,
Shruti Gupta

Join fabric@lists.hyperledger.org to automatically receive all group messages.