5

I am using the cryptogen tool from the Hyperledger Fabric first sample. It does not create the admin certificate inside crypto-config/peerorganisation/org1.example.com/msp/admincerts.

./cryptogen generate --output="crypto-config"

My crypto-config file:

    OrdererOrgs:
      - Name: Orderer
        Domain: example.com
        Specs:
          - Hostname: orderer
    PeerOrgs:
      - Name: Org1
        Domain: org1.example.com
        EnableNodeOUs: true
        Template:
          Count: 1
        Users:
          Count: 1
      - Name: Org2
        Domain: org2.example.com
        EnableNodeOUs: true
        Template:
          Count: 1
        Users:
          Count: 1
      - Name: Org3
        Domain: org3.example.com
        EnableNodeOUs: true
        Template:
          Count: 1
        Users:
          Count: 1

nagaraj

2 Answers

6

There is a new feature in 1.4.3 which allows you to specify an OU for admin rather than explicitly putting certificates in the admincerts folder.

In your crypto-config, you set EnableNodeOUs: true and this automatically enables OUs for all supported roles.

You'll see something like

NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca.sampleorg-cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca.sampleorg-cert.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca.sampleorg-cert.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca.sampleorg-cert.pem
    OrganizationalUnitIdentifier: orderer

in the msp/config.yaml file (in your case in crypto-config/peerorganisation/org1.example.com/msp/crypto.yaml).

Note the AdminOUIdentifier field. This means that any cert issued by the CA for your org which contains an OU=admin is now considered an admin. The certificate generated for the admin user under your org MSP is also generated with OU=admin (e.g. Subject: C=US, ST=California, L=San Francisco, OU=admin, CN=Admin@sampleorg).

Gari Singh
  • Thanks @GariSingh for such a detailed explanation of this new configuration. – Trinayan Sep 27 '19 at 06:34
  • `The certificate generated for the admin user under your org MSP is also generated with OU=admin` .. where is it generated? is it inside `crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/admincerts` ?? – Pool Feb 21 '20 at 08:53
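
An added example, not part of the original answer or of Fabric's code: a small audit helper that reads certificate subject lines (as printed by `openssl x509 -noout -subject`, or in the `Subject:` form quoted in the answer) and reports which identities the NodeOUs mapping above would treat as admin. It assumes the four OU values from the config.yaml shown in the answer and checks only the subject, not that the certificate chains to the CA named in `Certificate`; the function names and sample subjects are constructed for illustration.

```python
import re

# OrganizationalUnitIdentifier values from the NodeOUs block in the answer.
NODE_OUS = {"client": "client", "peer": "peer",
            "admin": "admin", "orderer": "orderer"}


def subject_ous(subject):
    """Return every OU value found in a certificate subject line.

    Accepts the comma form (C=US, OU=admin) and the older slash form
    (/C=US/OU=admin). Assumes RDN values contain no escaped separators.
    """
    subject = re.sub(r"^\s*subject\s*[=:]\s*", "", subject.strip(), flags=re.I)
    sep = "/" if subject.startswith("/") else ","
    ous = []
    for rdn in subject.split(sep):
        key, eq, value = rdn.partition("=")
        if eq and key.strip().upper() == "OU":
            ous.append(value.strip())
    return ous


def node_ou_role(subject, node_ous=NODE_OUS):
    """Map a subject to its NodeOU role, or None if it carries no role OU."""
    by_ou = {ou: role for role, ou in node_ous.items()}
    roles = {by_ou[ou] for ou in subject_ous(subject) if ou in by_ou}
    if len(roles) > 1:
        # Assumption of this example: an ambiguous identity is rejected.
        raise ValueError("multiple role OUs in subject: %s" % sorted(roles))
    return roles.pop() if roles else None


def admins(subjects, node_ous=NODE_OUS):
    """Return the subjects that carry the admin OU."""
    return [s for s in subjects if node_ou_role(s, node_ous) == "admin"]


# Constructed sample subjects (not taken from a real network).
SAMPLE = [
    "subject=C = US, ST = California, L = San Francisco, OU = admin, CN = Admin@sampleorg",
    "subject=C = US, ST = California, L = San Francisco, OU = client, CN = User1@sampleorg",
    "subject= /C=US/ST=California/L=San Francisco/OU=peer/CN=peer0.sampleorg",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(node_ou_role(line), "<-", line)
```

Running it over the subjects of every certificate under crypto-config shows which identities hold admin rights through their OU even though the admincerts folder is empty.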
0

Yes, I also faced this problem.

As a workaround, check the version of your cryptogen tool. Try the 1.4.0 version of cryptogen; it works well.

Trinayan