1

I am currently trying to build a production hyperledger-fabric setup. Therefore I am using a CA instead of cryptogen. My structure looks like this:

  • orderer
  • org1
    • peer0.org1
    • peer1.org1
  • org2
    • peer0.org2
    • peer1.org2

and I have 2 CAs (1 for every org). I have registered and enrolled orderer, peer0.org1, peer1.org1 and Org1Admin @CA1 and peer0.org2, peer1.org2 and Org2Admin @CA2. The orderer has ROOT_CERTS of both CAs.

But how can I create the orderer genesis block based of those MSPs? The configtx.yaml asks for an 'MSPDir' when describing the organizations, but I don't have an MSP directory for the organization itself, I only got the MSPs of the identites. Do I have to set up a specific folder structure for this?

somethingsomething
  • 21
  • 4

2 Answers2

2

you should create a msp directory for each of the organizations, including admincerts and cacerts.

if your tls is enable, you need tlscacerts.

if you have Intermediate CA, you need intermediatecerts too.

you can read this document for complete information.

Pouya Shojaei
  • 307
  • 1
  • 10
  • Where do I get the tlscacerts from? I got those for every "profile" by using --enrollment.profile tls, but which certificate shall I take to represent an organization? – somethingsomething Feb 19 '20 at 21:10
  • you should have two kinds of certificate authorities. one for TLS communications and one for each organization. cacerts is the certificate of the organization CA, and tlscacerts is for the certificate of communications CA. if you use only one, just copy it in both folders! – Pouya Shojaei Feb 20 '20 at 07:11
  • Why do I need an extra CA for TLS communication, I thought I have the 2 Org-CAs for TLS communication? – somethingsomething Feb 24 '20 at 18:05
1

You need to manually setup the MSP folder structure for an organization. Typically for any organization without TLS enabled and no Intermediate CA, it should have cacerts folder, admincerts folder. cacerts folder root CA certificates, admin certs hold the admin certificates for that organization.

You need to point MSPDir in configtx.yaml to this organization msp folder.

Bhargav
  • 21
  • 6