Date
1 - 4 of 4
Starting Fabric-CA without providing any root certificate #fabric-ca
|
shrugupt@...
Hi All,
I am using Fabric-CA to generate enrollment and TLS certificates. I am using below command to start the Fabric-CA: fabric-ca-server start -b admin:adminpw --port 7054 I am not providing any root certificate keypair to Fabric-CA. Fabric-CA is getting started successfully but I am seeing that Root Certificate is always the same. So, if I have started 2 instances of Fabric-CA- 1 for orderer org and 1 for peer org- root certificate is same for both the organizations. This behavior is consistently same. Is it mandatory to supply a root certificate to Fabric-CA while starting it? Does it not generate a different root certificate on its own? Am I missing any step? Thanks & Regards, Shruti Gupta |
|
|
|
Jean-Gaël Dominé <jgdomine@...>
Hi,
This is a tricky thing. I had the same issue and it took me a while to figure out the issue. This is definitely not mandatory to provide the root certificate and the private key to the CA because it will generate them if needed. BUT (and that's where your issue lies) the provided fabric-ca image was packaged with already a root certificate and a private key... I suppose you always see that example.com issued everything right? The workaround I found was to delete these two files before starting the CA so that it creates them. I did it like this: rm -Rf /etc/hyperledger/fabric-ca-server
Pretty ugly but at least all my CAs use the CN I was defining :) Hope this helps JG |
|
|
|
Gari Singh <garis@...>
To be clear, the root certificate is actually not the same although the CN will always be the same unless you actually change it in the config.
You can run `fabric-ca-server init` to generate a default config and then edit the "csr" section of the config. ----------------------------------------- Gari Singh Distinguished Engineer, CTO - IBM Blockchain IBM Middleware 550 King St Littleton, MA 01460 Cell: 978-846-7499 garis@... ----------------------------------------- -----fabric@... wrote: ----- To: fabric@... From: "shrugupt via Lists.Hyperledger.Org" Sent by: fabric@... Date: 10/24/2019 02:30AM Cc: fabric@... Subject: [EXTERNAL] [Hyperledger Fabric] Starting Fabric-CA without providing any root certificate Hi All, I am using Fabric-CA to generate enrollment and TLS certificates. I am using below command to start the Fabric-CA: fabric-ca-server start -b admin:adminpw --port 7054 I am not providing any root certificate keypair to Fabric-CA. Fabric-CA is getting started successfully but I am seeing that Root Certificate is always the same. So, if I have started 2 instances of Fabric-CA- 1 for orderer org and 1 for peer org- root certificate is same for both the organizations. This behavior is consistently same. Is it mandatory to supply a root certificate to Fabric-CA while starting it? Does it not generate a different root certificate on its own? Am I missing any step? Thanks & Regards, Shruti Gupta |
|
|
|
shrugupt@...
Sorry for the delayed response!
toggle quoted message
Show quoted text
Thank you Gari and Jean-Gaël. This is really helpful clearing my doubt! On Thu, Oct 24, 2019 at 04:13 AM, Gari Singh wrote:
rtificate is actually not the same although the CN will always be the same unless you actually change it in the config. |
|
|