Using non-Fabric CA as a parent of Fabric CAs
Is it possible to use a general public CA (like DigiCert) or an arbitrary non-Fabric CA as a parent of intermediate fabric-ca-servers ? The official doc seems to assume that you use only Fabric CAs as parents.
The intention behind this question is to mitigate the centralized nature of a single root CA.
Edit: By "non-Fabric CA" I mean any implementation other than Fabric CA that can act as a CA, e.g. OpenSSL.
Yes, you can use a third-party certificate as a root (RCA) to generate an intermediate certificate (ICA). You can configure Fabric CA to use the ICA to issue peer/orderer certificates.
If you want the Fabric CA server to use a CA signing certificate and key file which you provide, you must place your files in the location referenced by ca.certfile and ca.keyfile respectively. Both files must be PEM-encoded and must not be encrypted. More specifically, the contents of the CA certificate file must begin with -----BEGIN CERTIFICATE----- and the contents of the key file must begin with -----BEGIN PRIVATE KEY----- and not -----BEGIN ENCRYPTED PRIVATE KEY----.
Checkout the sample Fabric Config file here. The properties ca.certfile, ca.keyfile and ca.chainfile have to point to the ICA before starting the CA Server.
- Seems to me that in the Hyperledger Fabric test-network, only chaincode that created the asset has access to it
- Hyperledger Fabric 2.3 Error: Failed to connect before the deadline on Endorser- name:
- Failed to connect before the deadline on Endorser
- PKIX path building failed: unable to find valid certification path to requested target on chaincode commit on Hyperledger Fabric production network
- Hyperledger Fabric enroll & register admin not working
- Load-balancing using nginx over orderers in Hyperledger Fabric
- Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? inside a Dockerfile
- Previous hash and data_hash not matching in hyper ledger fabric
- In Hyperledger fabric when i query qscc 'GetBlockByTxID' i get an error saying" error no such transaction ID in index"
- Getting error "Get http://localhost:9443/metrics: dial tcp 127.0.0.1:9443: connect: connection refused"
- Hyperledger Fabric: ERROR [lib/handler.js] Chat stream with peer - on error: "Error: 14 UNAVAILABLE: EOF\n at createStatusError
- While trying to create wallet and gateway connection profile for hyperledger fabric, Getting WEFT warnings
- Is it posible to use Hyperledger Caliper with Hyperledger Fabric v3.0.0?
- The Name of Hyperledger Fabric Test Network is not detected by an Application given in the fabric samples
- failed constructing descriptor for chaincodes
- Orderer container fails to run Hyperledger Fabric 2.0
- Any openssl command line to verify ECDSA prime256v1 certificate and private key match?
- Hyperledger Java SDK working example
- Docker error while trying to install chaincode to a hyperledger fabric channel
- How to query block and transaction info by using the new recommended Gateway Client API
- I am getting an error while trying to connect with node using geth tool
- Unable to fetch private data from peers (Empty membership) - Hyperledged Fabric 1.4.6
- Same struct in two different packages Golang
- go mod fails to find version v0.0.0-00010101000000-000000000000 of a dependency
- Set admin role for an LDAP user in Hyperledger Fabric CA
- HyperLedger Fabric: getting connection refused - when trying to add an orderer node to a channel via osnChannelJoin
- How to insert the data into hyper-ledger fabric fabric network (block-chain) through REST APIs
- What is `<<` and `&` in yaml mean?
- Hyperledger Explorer showing only 1 node for 7 peers under 1 organization configured in hyperledger fabric. Is it correct?
- Does Hyperledger Fabric Gateway Service send a transaction to an orderer if there were not enough endorsement approvals from other peers collected?