How to change TLS CA certificate? #tls


Yoojin Chang
 

I created v1.2.0 network and upgraded it to v2.2.2 and I didn't change TLS CA certificate which was created by v1.2.0 cryptogen binary.
But error occurs when invoking chaincode using Node.js SDK.

So I have to change TLS CA certificate of network. How can I do it?

I want to change 'Extended Key Usage' of TLS CA certificate from 'Any Extended Key Usage' to 'TLS Web Client Authentication, TLS Web Server Authentication'.

TLS CA certificate of v1.2 is as follows:
-----------------------------------------------------------------------------------------------------------------------------------------

Common Name: tlsca.example.com

Issued By: example.com

Issuing Certificate: tlsca.example.com

Serial Number: 6879C4AED0C8FBCA9EBC18823EC7C411

Signature: ecdsa-with-SHA256

Valid From: 07:44:29 12 Jul 2021

Valid To: 07:44:29 10 Jul 2031

Key Usage: Digital Signature, Key Encipherment, Certificate Sign, CRL Sign

Extended Key Usage: Any Extended Key Usage => This is a problem. openssl included in Node.js 10 doesn't allow it.

Basic Constraints: CA:TRUE

Subject Key Identifier: 00:81:94:71:F6:D5:D7:E6:B2:51:7A:44:63:69:81:92:02:FC:B6:B6:8A:8C:95:81:88:24:25:F7:D8:FE:31:90
-----------------------------------------------------------------------------------------------------------------------------------------