BYFN Root CA Certificates

Q

Where are BYFN root CA (Certificate Authority) certificates are located?

✍: FYIcenter.com

A

Like all Hyperledger Fabric networks, BYFN is a private and permission based hyperledger network. Access to the network are control PKI (Public Key Infrastructur) technology.

In BYFN, each organization who manages peer nodes acts a root CA (Certificate Authority) to sign and issue X.509 certificates to control its peer nodes and systems/users who wants to interact with it peer nodes.

If your BYFN is obtained from the Hyperledger Fabric Binary Package at http://bit.ly/2ysbOFE, root CA certificates of all organizations are stored in the ./crypto-config sub-directory.

For example, the private key and the public key certificate of the first organization, org1.example.com, are stored in the ./crypto-config/peerOrganizations/org1.example.com/ca sub-directory.

$ cd ~/hyperledger-binaries/fabric-samples/first-network

$ ls -l crypto-config/peerOrganizations/org1.example.com/ca

-rw------- 1 fyicenter 241 Apr  1 02:00 ab90b589...3d0599d0_sk
-rw-rw-r-- 1 fyicenter 863 Apr  1 02:00 ca.org1.example.com-cert.pem

The each root CA signs and issues its first certificate for the default administrator, Admin@org1.example.com, and stores it in

$ cd ~/hyperledger-binaries/fabric-samples/first-network

$ more crypto-config/peerOrganizations/org1.example.com\
   /peers/peer0.org1.example.com/msp/admincerts/Admin@org1.example.com-cert.pem
 
-----BEGIN CERTIFICATE-----
MIICKjCCAdCgAwIBAgIQJaIMpniwRgmBvyIdgOgrsTAKBggqhkjOPQQDAjBzMQsw
....
bOtHwX2tLdc0msnvEKqFvSHNLQJM6jzav3BCJvG2
-----END CERTIFICATE-----

If you decode this certificate, you will see:

Subject: 
   Common Name (CN): Admin@org1.example.com
   Organizational Unit Name (OU): client
   Locality Name (L): San Francisco
   State or Province Name (ST): California
   Country Name (C): US
Issuer: 
   Common Name (CN): ca.org1.example.com
   Organization Name (O): org1.example.com
   Locality Name (L): San Francisco
   State or Province Name (ST): California
   Country Name (C): US

 

BYFN configtx.yaml Configuration File

"cryptogen" Command - Generate Keys and Certificates

Hyperledger Fabric Sample Networks

⇑⇑ Hyperledger Tutorials

2019-04-22, 309👍, 0💬