hyperledger-fabric, hyperledger-fabric-ca

How to generate tls certificate and keys with fabric-ca


I am able to register & enroll peer/orderer identity with fabric-ca. Now I want to generate TLS certs and key for that. Does anyone know how to do that?

Any reference/steps would be helpful.


Solution

  • Use the -m and --enrollment.profile flags with the fabric-ca-client (https://hyperledger-fabric-ca.readthedocs.io/en/latest/clientcli.html).

    fabric-ca-client enroll -m $HOSTNAME --enrollment.profile tls ...

    $HOSTNAME is the host to use (e.g. peer0.org1.example.com, localhost, peer0). If you need to supply multiple SANs, you can use the --csr.hosts option which takes a comma-separated list. Fabric CA has a built-in tls profile which issues X509 certs with the proper extended key usages.