I am trying to get an intermediate CA and use that to generate all the certs for a particular organization. I am currently using fabric-sample as a base reference.
Currently crypto-config.yaml creates a root CA for each org and then uses that to generate all certs for that org.
How can I change the crypto-config.yaml file, so that
Then I will use docker-compose-e2e-template to start intermediate CA and all peers and orderer.
Is this approach fine? If not, what is the easiest way to achieve the intermediate CA and use this CA to generate all peers and admin cert?
Thanks for any help!!
cryptogen is really just a tool for creating the crypto material for basic test networks and is really designed to be independent of Fabric CA (although it's possible to start a Fabric CA using the root cert pair generated for each organization).
If you actually want to set up Fabric CA with root and intermediate CAs, I'd recommend using Fabric CA directly. Of course this means that you'll need to distribute / bootstrap all of your peer and admin certs yourself as well.
I'd recommend reading https://hyperledger-fabric-ca.readthedocs.io/en/release-1.2/users-guide.html#enrolling-an-intermediate-ca which explains how to set up intermediate CAs by pointing them at an already established root CA.
You can then follow https://hyperledger-fabric-ca.readthedocs.io/en/release-1.2/users-guide.html#registering-a-new-identity to enroll your admin identities against the intermediate CA and https://hyperledger-fabric-ca.readthedocs.io/en/release-1.2/users-guide.html#enrolling-a-peer-identity for enrolling your peer identity.
Note that you will need to add the admin public key to the admincerts folder of the MSP for the appropriate peer(s).
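
A check to run once the peer and admin certs have been enrolled against the intermediate CA, added here as an example that is not part of the original question or answers: it confirms that an MSP directory carries the root cert, the intermediate cert and an admin cert in admincerts, and that every admin and signing cert chains through the intermediate to the root. To run offline it builds a constructed hierarchy with openssl in place of Fabric CA output; the function names, subjects and paths are assumptions.

```shell
# Added example, not from the answers above. openssl stands in for Fabric CA so
# the check runs offline; every name, subject and path here is constructed.
set -eu

# check_msp DIR: pass only if DIR has root, intermediate, admin and signing certs
# and each admin/signing cert chains through the intermediate to the root.
check_msp() (
  msp=$1; tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  for d in cacerts intermediatecerts admincerts signcerts; do
    ls "$msp/$d"/*.pem >/dev/null 2>&1 || { echo "empty or missing: $d" >&2; exit 1; }
  done
  cat "$msp"/cacerts/*.pem > "$tmp/roots.pem"
  cat "$msp"/intermediatecerts/*.pem > "$tmp/inter.pem"
  for c in "$msp"/admincerts/*.pem "$msp"/signcerts/*.pem; do
    openssl verify -CAfile "$tmp/roots.pem" -untrusted "$tmp/inter.pem" "$c" \
      >/dev/null 2>&1 || { echo "no chain to root: $c" >&2; exit 1; }
  done
)

# issue NAME SUBJECT SIGNER [ca]: P-256 key and cert for NAME signed by SIGNER;
# a fourth argument makes the new cert a CA (used for the intermediate).
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  openssl req -new -key "$1.key" -subj "$2" -config ca.cnf -out "$1.csr"
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 1 ${4:+-extfile ca.cnf -extensions v3_ca} -out "$1.pem" 2>/dev/null
}

# build_demo_msp DIR: constructed root -> intermediate -> {admin, peer0} chain,
# copied into DIR/msp under the folder names a Fabric MSP uses.
build_demo_msp() (
  mkdir -p "$1"; cd "$1"
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
  openssl ecparam -name prime256v1 -genkey -noout -out root.key
  openssl req -new -x509 -key root.key -subj '/CN=rca.org1.example' -days 1 \
    -config ca.cnf -extensions v3_ca -out root.pem
  issue ica   '/CN=ica.org1.example'   root ca
  issue admin '/CN=Admin@org1.example' ica
  issue peer0 '/CN=peer0.org1.example' ica
  mkdir -p msp/cacerts msp/intermediatecerts msp/admincerts msp/signcerts
  cp root.pem msp/cacerts/; cp ica.pem msp/intermediatecerts/
  cp admin.pem msp/admincerts/; cp peer0.pem msp/signcerts/
)

demo=$(mktemp -d)
build_demo_msp "$demo"
check_msp "$demo/msp"
echo "chain verified for $demo/msp"
```

Against a real deployment, point `check_msp` at the peer's own MSP directory instead of the constructed one.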