Confusions in Fabric-CA operational guide
Abhijeet Bhowmik <abhijeet@...>
Hello,

Studying the Fabric-CA operational guide, there are two certificates mainly present in the CA's crypto folder, ca-cert.pem and tls-cert.pem. There is no mention of what tls-cert.pem is supposed to be. While running fabric-ca-client register commands targeting the TLS CA server, we used the TLS CA's ca-cert.pem, and while registering the peer and admin to the Org's CA server, the Org CA's ca-cert.pem is used. I have developed a notion that we tell fabric-ca-client to trust only a CA server whose signature while TLSing matches the criteria as per ca-cert.pem. Am I right in thinking this?

And also, what certificate should I use as trustedRoots while making a connection with Fabric CA via the Fabric CA client SDK?

Please excuse if my questions are naive. I am still a novice.

Thanks a lot,
Abhijeet Bhowmik
Joe Alewine <joe.alewine@...>
Hey, Abhijeet.
A peer registers and enrolls with both an "enrollment" CA and with a TLS CA. This is because a peer has to both sign its communications (using a cert from an enrollment CA) and secure the communications it makes through a TLS handshake (using certificates from a TLS CA).
An analogy might help here. In the Middle Ages in Europe, it was common for a king of some country or another to send communications that were sealed with his (or her) private seal and also have this communication carried by a trusted courier. The seal in this case would be the method the regent used to literally stamp their communications and is therefore analogous to the public/private key pair issued by an enrollment CA, while the message itself being delivered by a trusted courier would be analogous to the TLS certificate.
In other words, both the message itself and the way the message is delivered are secured.
For more information, I suggest reading the Fabric CA deployment guide: https://hyperledger-fabric-ca.readthedocs.io/en/master/deployguide/ca-deploy.html
Regards,
Joe Alewine
IBM Blockchain, Raleigh
rocket chat: joe-alewine
slack: joe.alewine