Re: Alternative of cryptogen for Prod

Jean-Gaël Dominé <jgdomine@...>


cryptogen uses self-signed root certificates to generate all the other certificates and keys.
IMHO one of the purposes of a blockchain is to bring trust between entities that do not necessarily "trust" each other. As the certificates and keys are used by Fabric to ensure that every component participating in the network is who it pretends to be and is also authorized to perform its actions, I don't see how it can work with self-signed certificates.
That is what the CA (or a replacement) is here for, because you should use root certificates that can be verified by a certification authority.

To me, cryptogen should never be used beyond development environments.

I'm no expert in this matter, but that is my understanding of Fabric on this aspect.

Hope this helps


