Re: Updating ca signing certificates and tls root certificate in a network
Nikhil Gupta
Did you already change the certificate for your admin to the new CA? You would need to do that after you have updated the channel.
-----fabric@... wrote: -----
To: fabric@...
From: aramachandran@...
Sent by: fabric@...
Date: 04/24/2020 12:30PM
Subject: [EXTERNAL] [Hyperledger Fabric] Updating ca signing certificates and tls root certificate in a network

Hi All,

Our company is working on a project where there are four orgs in a HLF network. One of the requirements for the implementation is to have auto cert rotation implemented in all the peers of an org. My question is how do I update the CA signing certificate for an organization? Below is the translated config block portion for one of the orgs. When I try to update the certificate for the root cert field (highlighted field) I am getting the following error:

initializing channel config failed: could not create channel Application sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority

Is this the correct approach to update the CA signing cert? Why does this error occur? Is there any other way of updating the same?
Config block:

{
  "channel_group": {
    "groups": {
      "Application": {
        "groups": {
          "ORG1MSP": {
            "groups": {},
            "mod_policy": "Admins",
            "policies": {
              "Admins": {
                "mod_policy": "Admins",
                "policy": {
                  "type": 1,
                  "value": {
                    "identities": [
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "ADMIN" }, "principal_classification": "ROLE" }
                    ],
                    "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } },
                    "version": 0
                  }
                },
                "version": "0"
              },
              "Readers": {
                "mod_policy": "Admins",
                "policy": {
                  "type": 1,
                  "value": {
                    "identities": [
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "ADMIN" }, "principal_classification": "ROLE" },
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "PEER" }, "principal_classification": "ROLE" },
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "CLIENT" }, "principal_classification": "ROLE" }
                    ],
                    "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 }, { "signed_by": 1 }, { "signed_by": 2 } ] } },
                    "version": 0
                  }
                },
                "version": "0"
              },
              "Writers": {
                "mod_policy": "Admins",
                "policy": {
                  "type": 1,
                  "value": {
                    "identities": [
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "ADMIN" }, "principal_classification": "ROLE" },
                      { "principal": { "msp_identifier": "ORG1MSP", "role": "CLIENT" }, "principal_classification": "ROLE" }
                    ],
                    "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 }, { "signed_by": 1 } ] } },
                    "version": 0
                  }
                },
                "version": "0"
              }
            },
            "values": {
              "AnchorPeers": {
                "mod_policy": "Admins",
                "value": {
                  "anchor_peers": [
                    { "host": "peer0.ORG1.accums.coalesce.org", "port": 7051 }
                  ]
                },
                "version": "0"
              },
              "MSP": {
                "mod_policy": "Admins",
                "value": {
                  "config": {
                    "admins": [ "<admin cert>" ],
                    "crypto_config": {
                      "identity_identifier_hash_function": "SHA256",
                      "signature_hash_family": "SHA2"
                    },
                    "fabric_node_ous": {
                      "client_ou_identifier": { "certificate": "<cert>", "organizational_unit_identifier": "client" },
                      "enable": true,
                      "peer_ou_identifier": { "certificate": "<cert>", "organizational_unit_identifier": "peer" }
                    },
                    "intermediate_certs": [],
                    "name": "ORG1MSP",
                    "organizational_unit_identifiers": [],
                    "revocation_list": [],
                    "root_certs": [ "<Root cert>" ],
                    "signing_identity": null,
                    "tls_intermediate_certs": [],
                    "tls_root_certs": [ "<Tls root Certificate>" ]
                  },
                  "type": 0
                },
                "version": "0"
              }
            },
            "version": "1"
          }
        }
      }
    }
  }
}