Clarity on certificates #fabric #hyperledger-fabric #fabric-questions


chanjaljayaram@...
 

Could anyone please clarify the below queries that I've around certificates and CAs in Hyperledger Fabric?

1) I see that Fabric doesn't support RSA certificates. Does this mean there shouldn't be an RSA certificate in the entire certificate chain? Can the Root CA be an RSA certificate?
2) If we have a single Certificate Authority issuing certificates to multiple Fabric networks (using NodeOU feature) does this mean that an organization in one of the Fabric networks can get access to other Fabric networks if they both are using the same CA and OU? Does this also mean that the recommendation is to go with separate Certificate Authorities for each Fabric network (which would mean that each organization would have to setup a exclusive and dedicated CA for each of the Fabric network that they are part of) ?

Join fabric@lists.hyperledger.org to automatically receive all group messages.