Root certificate for Hyperledger fabric-ca


I have one simple question and I will be very grateful if someone could help me. When I run the fabric-ca server, what sh -c 'fabric-ca-server init -b admin:adminpw' does is create a self-signed certificate, and this will be the root certificate for fabric-ca; under this certificate the admin:adminpw user will be created. So here is my question: why the hell do I need the ca-cert.pem and ca-key.pem files inside the etc/hyperledger/fabric-ca-server folder? When do I use them?


Solution

  • The init command will create a self-signed certificate for the CA, but it has no association to admin:adminpw. That part of the command only registers a bootstrap identity with a name of 'admin' and a password of 'adminpw'.

    The ca-key.pem file is the secret key and will be used to sign certificates when identities enroll with the CA. The ca-cert.pem is the public component and is used in the verification of certificates; it comes into play when you define your channel and local peer MSPs.