Use certificates from a non-Fabric CA with your Fabric network #fabric-ca #interoperability #signcerts #x509


sangieri@...
 

Hello Community, 

 

I'm working on a use case where I need to use certificates, which bind resources to identities, that have been already issued by an Authoritative CA with the Fabric Network I'm developing which is dealing with the same resources bound in the certificates. 

 

Reading the docs: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-deploy-topology.html 

I see that yes it is possible, but I cannot figure out How. 

There are several articles about how "to link" a third party or external CA to a HF CA, but I guess this is not the use case. Actually, instead of linking the Authoritative CA to a HF CA I would like just to use the certificates emitted by the Authoritative CA into my network.

Basically, I want to bind the existing authorization model to my HF network.  

 

So let's imagine a scenario: 

 

user with (certificate, private_key) externally emitted --> Fabric CA --> User credential for the Fabric Network

where the fabric CA can verify, using a trust anchor, the validity of the certificate provided by the user and upon successfull verification, emit the user credential for the fabric network.

 

Has such a solution already been implemented?  

Any advise, different solution or pointer to docs I can read about? 

 

Thanks to All, 

Stefano Angieri 

 

 

 

Join fabric@lists.hyperledger.org to automatically receive all group messages.