Confusion related to env variable ORDERER_TLS_CA

Abhijeet Bhowmik <abhijeet@...>

Hello wonderful people,

I hope all are doing well. As a beginner, I have a confusion that came to me while writing docker-compose files to build my own network. There is an env variable in the orderer section:
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/tls/orderer/ca.crt]

So while TLSing via Peer, I have been told to use orderer's /tls/ca.crt. That's where my confusion lies. If anyways we are gonna use orderer's tls/ca.crt, what's the purpose of having the value of ORDERER_GENERAL_TLS_ROOTCAS as an array? What other values could I mention there? And what will be their significance? Ideally, while TLSing between server and client, the server presents its certificate (with public key) during the request and the client doesn't have it beforehand. So if we go by that scenario, maybe either the orderer should present its cert during the request or else there must be a way that we can use peer-side artifacts to do the TLS. I see no point in copying orderer's tls/ca.crt to every peer manually.

Definitely I could be wrong. I will be more than happy if someone throws some light on this. Looking forward to it.

Thanks and Regards
Abhijeet Bhowmik
