Understanding Various Certificates in Hyperledger fabric

Question

Hello I am tryin to use hyperledger fabric for a block chain implementation. I did the first-network demo and found lot of certificates in it. I have tried arranging them hierar

Answer 1

Just in case you still have doubts, your post is a bit old and you may have already answered your inquiries.

1. Why are all these different categories of certs required. Like different msp tls are they generated once and copied at different locations?

R/ I think the part on why all these certs are required, @kots got it pretty much covered. To the second part of your question, the reason there are so many crypto objects copied is that in a production environment you are supposed to have every container separated. So the folder you mount them should contain all the objects required for communication and authorization. There should not be a central folder containing just a copy of the files.

2. How these different certificates will be used in different scenarios (like enrollment and communication.)

R/ They pass through a bunch of security mechanisms such as channels, MSPs, etc, through the gossip protocols and they need to authenticate each request. More details on the link copied by @kots.

3. If we dont use cryptogen then can some third party generate all these certificates.

R/ You can use cryptogen (without Fabric-ca), Fabric-CA (with your own external root cert, one generated by cryptogen, or one generated by fabric-ca), or you can bring your own CA but it's a bit harder and you need to match it with your ChainCode authorization strategy.

4. How can fabric-ca or any other third party CA help here.

R/ Using Fabric-CA gives you a nearly production ready environment. They handle most of the crypto gen tasks, as well handling CRL and Enrollment. As explained in response #3 you may have plenty of mixes depending on your requirements.

Best regards.