Re: Confusions in Fabric-CA operational guide
Joe Alewine <joe.alewine@...>
Hey, Abhijeet.
A peer registers and enrolls with both an "enrollment" CA and with a TLS CA. This is because a peer has to both sign its communications (using a cert from an enrollment CA) and secure the communications it makes through a TLS handshake (using certificates from a TLS CA).
An analogy might help here. In the Middle Ages in Europe, it was common for a king of some country or another to send communications that were sealed with his (or her) private seal and also have this communication carried by a trusted courier. The seal in this case would be the method the regent used to literally stamp their communications and is therefore analogous to the public/private key pair issued by an enrollment CA, while the message itself being delivered by a trusted courier would be analogous to the TLS certificate.
In other words, both the message itself and the way the message is delivered are secured.
For more information, I suggest reading the Fabric CA deployment guide: https://hyperledger-fabric-ca.readthedocs.io/en/master/deployguide/ca-deploy.html
Regards,
Joe Alewine
IBM Blockchain, Raleigh
rocket chat: joe-alewine
slack: joe.alewine
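Added example (not part of the message above and not Fabric CA code): the two-CA split can be reproduced with plain `openssl` to show that a peer's signing certificate and its TLS certificate chain to different roots and are not interchangeable. It assumes OpenSSL 1.1.1 or later; the CA names, file names and `peer0.example.test` are constructed for the demo.

```shell
#!/bin/sh
# Added illustration: one peer, two independent CAs, using plain openssl.
# All names below are constructed for this demo; Fabric CA is not involved.
set -eu

make_ca() {      # $1 = file prefix, $2 = CA common name
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key" 2>/dev/null
  openssl req -x509 -new -key "$1.key" -subj "/CN=$2" -days 1 -out "$1.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = leaf prefix, $3 = subject CN
  openssl ecparam -name prime256v1 -genkey -noout -out "$2.key" 2>/dev/null
  openssl req -new -key "$2.key" -subj "/CN=$3" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

chains_to() {    # $1 = CA prefix, $2 = leaf prefix: does the leaf chain to that CA?
  openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1
}

sign_msg() {     # $1 = leaf prefix, $2 = message file; writes $2.sig
  openssl dgst -sha256 -sign "$1.key" -out "$2.sig" "$2"
}

verify_msg() {   # $1 = leaf prefix, $2 = message file; checks $2.sig with the cert's key
  openssl x509 -in "$1.crt" -pubkey -noout > "$1.pub"
  openssl dgst -sha256 -verify "$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

report() {       # run a check and print yes/no without tripping set -e
  if "$@"; then echo yes; else echo no; fi
}

cd "$(mktemp -d)"
make_ca enroll-ca "Demo Enrollment CA"
make_ca tls-ca "Demo TLS CA"
issue_cert enroll-ca peer-sign peer0.example.test   # the "seal": signing identity
issue_cert tls-ca peer-tls peer0.example.test       # the "courier": transport identity
printf 'constructed message from peer0\n' > msg.txt
sign_msg peer-sign msg.txt

echo "signing cert chains to enrollment CA: $(report chains_to enroll-ca peer-sign)"
echo "TLS cert chains to TLS CA:            $(report chains_to tls-ca peer-tls)"
echo "TLS cert chains to enrollment CA:     $(report chains_to enroll-ca peer-tls)"
echo "signature verifies with signing cert: $(report verify_msg peer-sign msg.txt)"
echo "signature verifies with TLS cert:     $(report verify_msg peer-tls msg.txt)"
```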