BYFN Root CA Certificates


Where are BYFN root CA (Certificate Authority) certificates are located?



Like all Hyperledger Fabric networks, BYFN is a private and permission based hyperledger network. Access to the network are control PKI (Public Key Infrastructur) technology.

In BYFN, each organization who manages peer nodes acts a root CA (Certificate Authority) to sign and issue X.509 certificates to control its peer nodes and systems/users who wants to interact with it peer nodes.

If your BYFN is obtained from the Hyperledger Fabric Binary Package at, root CA certificates of all organizations are stored in the ./crypto-config sub-directory.

For example, the private key and the public key certificate of the first organization,, are stored in the ./crypto-config/peerOrganizations/ sub-directory.

$ cd ~/hyperledger-binaries/fabric-samples/first-network

$ ls -l crypto-config/peerOrganizations/

-rw------- 1 fyicenter 241 Apr  1 02:00 ab90b589...3d0599d0_sk
-rw-rw-r-- 1 fyicenter 863 Apr  1 02:00

The each root CA signs and issues its first certificate for the default administrator,, and stores it in

$ cd ~/hyperledger-binaries/fabric-samples/first-network

$ more crypto-config/peerOrganizations/\

If you decode this certificate, you will see:

   Common Name (CN):
   Organizational Unit Name (OU): client
   Locality Name (L): San Francisco
   State or Province Name (ST): California
   Country Name (C): US
   Common Name (CN):
   Organization Name (O):
   Locality Name (L): San Francisco
   State or Province Name (ST): California
   Country Name (C): US


BYFN configtx.yaml Configuration File

"cryptogen" Command - Generate Keys and Certificates

Hyperledger Fabric Sample Networks

⇑⇑ Hyperledger Tutorials

2019-04-22, 254👍, 0💬