Using non-Fabric CA as a parent of Fabric CAs
Is it possible to use a general public CA (like DigiCert) or an arbitrary non-Fabric CA as a parent of intermediate fabric-ca-servers ? The official doc seems to assume that you use only Fabric CAs as parents.
The intention behind this question is to mitigate the centralized nature of a single root CA.
Edit: By "non-Fabric CA" I mean any implementation other than Fabric CA that can act as a CA, e.g. OpenSSL.
Yes, you can use a third-party certificate as a root (RCA) to generate an intermediate certificate (ICA). You can configure Fabric CA to use the ICA to issue peer/orderer certificates.
If you want the Fabric CA server to use a CA signing certificate and key file which you provide, you must place your files in the location referenced by ca.certfile and ca.keyfile respectively. Both files must be PEM-encoded and must not be encrypted. More specifically, the contents of the CA certificate file must begin with -----BEGIN CERTIFICATE----- and the contents of the key file must begin with -----BEGIN PRIVATE KEY----- and not -----BEGIN ENCRYPTED PRIVATE KEY----.
Checkout the sample Fabric Config file here. The properties ca.certfile, ca.keyfile and ca.chainfile have to point to the ICA before starting the CA Server.
- go mod fails to find version v0.0.0-00010101000000-000000000000 of a dependency
- Set admin role for an LDAP user in Hyperledger Fabric CA
- HyperLedger Fabric: getting connection refused - when trying to add an orderer node to a channel via osnChannelJoin
- How to insert the data into hyper-ledger fabric fabric network (block-chain) through REST APIs
- What is `<<` and `&` in yaml mean?
- Hyperledger Explorer showing only 1 node for 7 peers under 1 organization configured in hyperledger fabric. Is it correct?
- Does Hyperledger Fabric Gateway Service send a transaction to an orderer if there were not enough endorsement approvals from other peers collected?
- Hyperledger Fabric Error on Creating channel
- Error: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit
- Hyperledger Fabric development Jira references inaccessible
- Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? inside a Dockerfile
- Hyperledger-Fabric network.sh not working
- Error when trying to bring up the test network
- Can a blockchain be Centralised? Will it be called as Blockchain if it is centralised?
- Error deploying chaincode in Hyperledger Firefly Fabric
- Not able to set multiple events in chaincode per transaction, getting only last event
- hyperledger fabric - How to remove a chaincode on peer?
- Error: endorsement failure during invoke. response: status:500 message:"error in simulation:
- Issuing an Identity for a Participant not working on RestAPI, but it does in Command Line
- fabric chaincode invocation arguments usage
- hyperledger caliper with multi-host deployment using docker-swarm
- Hyperledger fabric add index to java chaincode
- Validity dates for certificates issue with Fabric CA
- can HLF be set up via windows binaries exclusively?
- Peers trying to submit transactions to orderers from a other ORGs
- Hyperledger Fabric: Unable to Update Certificate Attributes in Node SDK
- Is working with an offline private key still possible using @hyperledger/fabric-gateway
- Failed to connect before the deadline on Endorser
- hyperledger fabric - "go": executable file not found in $PATH
- How to browse logs of a Hyperledger Fabric 2.2.2 Java chaincode deployed in Kubernetes using DinD (tcp)