Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18175

Certificate expiration - Permit peer CLI to use expired certificates

    XMLWordPrintable

Details

    • Story
    • Status: Backlog
    • Medium
    • Resolution: Unresolved
    • None
    • None
    • fabric-cli
    • Unset
    • Unset
    • Unset

    Description

      If your admin certificate expires, and you are not using NodeOU support, then you must submit a config update transaction using the old admin certificate to add the new admin certificate to your MSP definition on the channel. 

      There is a setting on the orderer that stops the orderer from rejecting expired admin certificates, but the peer CLI rejects the use of expired admin certificates to submit the transaction. Some of the SDKs, for example the Node.js SDK, do not perform expiry checking and can be used to submit the transaction - however the SDKs cannot be used everywhere, unlike the CLI.

      Can we get a flag/environment variable/etc on the peer CLI so it does not perform the expiry checks when submitting transactions?

      Attachments

        Issue Links

          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. FAB-18205 Certificate expiration - Permit peer CLI to communicate with orderers with expired TLS certificates

          • High - Serious problem that could block progress.
          • Closed

          Activity

            People

              Unassigned Unassigned
              sstone1 Simon Stone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: