Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-17472

Node OU configuration can only specify a single CA cert

    XMLWordPrintable

Details

    • Documentation
    • Status: Closed
    • Medium
    • Resolution: Done
    • None
    • v2.1.0, v1.4.5
    • fabric-crypto
    • None

    Description

      Copied from:

      https://jira.hyperledger.org/browse/FAB-17059?focusedCommentId=65793&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-65793

      Given that the MSP configuration contains a single fabric_node_ous field, adding a CA to an existing MSP might create problems. Indeed, if any of the OU identifiers (client, peer, admin or orderer) sets the certificate field, the client, peer, admin or orderer certificate issued by one of the two CAs will be invalid after the config update. We might want to extend the certificate field to become a slice.

      The certificate field in question can be found here:
      https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/msp/config.yaml#L14

      Alternatively, we can clarify the documentation and recommend to only set a Certificate in the NodeOU configuration if you really want a specific certificate to issue NodeOU classifications.

      Attachments

        Issue Links

          Activity

            People

              denyeart David Enyeart
              denyeart David Enyeart
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: