Re: Update expired orderer org admin certificate and orderer certs #fabric #fabric-questions #fabric-orderer #signcerts


Chris Gabriel
 

Yes, that is it.  You got it!

On May 5, 2021, at 10:50 AM, Mattia Bolzonella <mattia.bolzonella@...> wrote:

Just to be clear about what you told me to replace in my system channel configuration, sorry but I want to be 100% sure about what I'm doing:
My json looks like this:

"channel_group": {
    "groups": {
      "Application": { <- MAIN SECTION APPLICATION
        "groups": {
          "OrderersMSP": {
            "groups": {},
            "mod_policy""Admins",
            "policies": {
              "Admins": {
                "mod_policy""Admins",
               // other sections
              "Readers": {
              },
              "Writers": {
            },
            "values": { 
              "MSP": {
                "mod_policy""Admins",
                "value": {
                  "config": {
                    "admins": [ 
                      "EXPIRED CERT BASE64" <--- TO REPLACERIGHT?
                     ],
                    "crypto_config": {
                      "identity_identifier_hash_function""SHA256",
                      "signature_hash_family""SHA2"
                    },
                    "fabric_node_ous": {
                      "admin_ou_identifier": {
                        "certificate""NOT EXPIRED",
                        "organizational_unit_identifier""admin"
                      },
                      "client_ou_identifier": {
                        "certificate""SAME as admin_ou_identifier",
                        "organizational_unit_identifier""client"
                      },
                      "enable"true,
                      "orderer_ou_identifier": {
                        "certificate""SAME as previous",
                        "organizational_unit_identifier""orderer"
                      },
                      "peer_ou_identifier": {
                        "certificate""same as previuos",
                        "organizational_unit_identifier""peer"
                      }
                    },
                    .... other sections
                 } 
                }
            }
        }
    }, // End of Application section
    "Consortiums": { <- MAIN SECTION CONSORTIUM
        "groups": {
          "SampleConsortium": {
            "groups": {
              "IfinPeerMSP": {
                "groups": {},
                "mod_policy""Admins",
                "policies": {
                }, // other sections
                "values": {
                  "MSP": {
                    "mod_policy""Admins",
                    "value": {
                      "config": {
                        "admins": [
                          "EXPIRED" <- TO REPLACE?
                        ],
                        "crypto_config": {
                          "identity_identifier_hash_function""SHA256",
                          "signature_hash_family""SHA2"
                        },
                        "fabric_node_ous": {
                          "admin_ou_identifier": {
                            "certificate""NOT Expired",
                            "organizational_unit_identifier""admin"
                          },
                          "client_ou_identifier"
                            "certificate": "NOT Expired",
                            "organizational_unit_identifier""client"
                          },
                          "enable"true,
                          "orderer_ou_identifier": {
                            "certificate""NOT Expired",
                            "organizational_unit_identifier""orderer"
                          },
                          "peer_ou_identifier": {
                            "certificate""NOT Expired",
                            "organizational_unit_identifier""peer"
                          }
                        },
                       // others
                      },
                      "type"0
                    },
                  }
                },
               
              }
            },
        },
      
      },
    // ORDERER SECTION WILL BE MODIFIED IN ANOTHER TRANSACTION


Thank you again,

Mattia
 

Join fabric@lists.hyperledger.org to automatically receive all group messages.