toggle quoted messageShow quoted text
From memory (I could be wrong):
If you are using a single instance CA, ca-cert.pem is the
root cert for both TLS and non-TLS certs issues by ca-server,
including the tls-cert.pem issued to itself, so the clients
should only need ca-cert.pem.
tls-cert.pem is the ca-server tls cert for its own endpoint, not
a CA cert.
On 11/6/2019 5:43 PM, Jeehoon Lim
I' m studying the use of fabric CA.
If Fabric CA Server without 'TLS Enabled' option, it generates
If Fabric CA Server with 'TLS Enabled' option, it generates both
ca-cert.pem and tls-cert.pem files.
I thought the tls-cert.pem file should be copied to the fabric
clients for use TLS communication with CA Server .
But in the 'Setup TLS Server' section of operation
guide , it says like below :
need to acquire the file located at
/tmp/hyperledger/tls/ca/crypto/ca-cert.pem on the
machine running the TLS CA server and copy this file over to the
host where you will be running the CA client binary.
Which cert should be copied for TLS - ca-cert.pem or tls-cert.pem