Re: Which cert should be copied for TLS( ca-cert.pem or tls-cert.pem) #fabric-ca


Nye Liu <nye@...>
 

From memory (I could be wrong):

If you are using a single instance CA, ca-cert.pem is the root cert for both TLS and non-TLS certs issues by ca-server, including the tls-cert.pem issued to itself, so the clients should only need ca-cert.pem.

tls-cert.pem is the ca-server tls cert for its own endpoint, not a CA cert.

On 11/6/2019 5:43 PM, Jeehoon Lim wrote:

Hi all.

I' m studying the use of fabric CA.

If Fabric CA Server without 'TLS Enabled' option, it generates ca-cert.pem file.
If Fabric CA Server with 'TLS Enabled' option, it generates both ca-cert.pem and tls-cert.pem files.

I thought the tls-cert.pem file should be copied to the fabric clients for use TLS communication with CA Server .

But in the 'Setup TLS Server' section of  operation guide , it says like below :

   you would need to acquire the file located at /tmp/hyperledger/tls/ca/crypto/ca-cert.pem on the machine running the TLS CA server and copy this file over to the host where you will be running the CA client binary.

 
Which cert should be copied for TLS -  ca-cert.pem or tls-cert.pem ?


Regards,
Jeehoon Lim

Join fabric@lists.hyperledger.org to automatically receive all group messages.