I found similar questions here: "Hyperledger fabric Crypto materials" and "Hyperledger Fabric cryptographic material confusion".
I was not able to find a clear definition for a
Here is the link to my naive approach of building a tree for the sole purpose of explaining the MSP structure. Certificates with the same colors are the same but with different names. You can open each certificate using the openssl command:
openssl x509 -in certificate.crt -text -noout
Google Excel Sheet
So let's start with one organization (an organization and an orderer have the same structure).
We can have multiple peers, and their folders will follow the same format.
In every organization we have 5 folders:
1. The CA folder has two files: one is the root CA, which signs peer and user certificates, and the other file is its key.
2. The MSP folder is the msp folder for the organization, which has 3 folders and one config.yaml file. The admincerts folder will have a user certificate which will be the admin of the organization. cacerts will have the same certificate from the CA folder we just saw in point 1. tlscacerts will have the TLS root certificate which will be used when TLS is enabled in the docker file (explained in point 4). config.yaml is used to enable and disable NodeOUs.
3. The Peer folder will have folders for each peer of that organization. Every peer folder will have 2 folders, msp and tls. The msp folder will have 5 folders and one config.yaml file. admincerts will have a user certificate which will be the admin of this user. cacerts will have the same root certificate from point 1. signcerts will have the peer certificate, which will be signed by the CA root certificate from point 1. The keystore folder will have the key of the certificate present in the signcerts folder. tlscacerts will have the root TLS CA cert.
   The tls folder inside Peer will have 2 certificates and one key. The ca.crt is the same TLS root CA cert which was present everywhere in the tlscacerts folder and will be present in point 4. server.crt will be the peer certificate, but signed by the TLS root CA certificate, which is named ca.crt here and tlsca.org1.example.com-cert.pem everywhere. This is used when TLS is enabled.
4. This folder is similar to the CA folder from point 1, but it contains the root certificate and its key which will be used when TLS is enabled.
5. It contains all the users, like peers. The only difference is that you put the user certificate you want to make admin into admincerts. You will see the same user certificate in the admincerts folder of User1@org1.example.com/msp because he is the admin of its own user.
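The relationships described in points 1 and 3 can be checked mechanically. The script below is an added example, not part of the original post: it verifies that a peer's cacerts holds the same certificate as the organization's CA folder, that the signcerts certificate is signed by that root, and that the keystore key belongs to the signcerts certificate. The directory names ca and peers, the *-cert.pem file pattern, the peer name peer0 and the generated sample tree are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: consistency checks on one peer's MSP folders.
# Assumed layout: ORG/ca/*-cert.pem and ORG/peers/PEER/msp/{cacerts,signcerts,keystore}.

fp()       { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
first()    { ls "$1"/* 2>/dev/null | head -n1; }
fail()     { echo "FAIL: $1"; fails=$((fails + 1)); }   # bumps the caller's counter

# check_peer_msp ORG_DIR PEER -> returns the number of failed checks (0 = consistent)
check_peer_msp() {
  local org=$1 msp="$1/peers/$2/msp" fails=0 root ca sign key a b
  root=$(ls "$org"/ca/*-cert.pem 2>/dev/null | head -n1)
  ca=$(first "$msp/cacerts"); sign=$(first "$msp/signcerts"); key=$(first "$msp/keystore")
  # 1. msp/cacerts must hold the same certificate as the org's ca folder
  a=$(fp "$root"); b=$(fp "$ca")
  [ -n "$a" ] && [ "$a" = "$b" ] || fail "cacerts is not the ca/ root certificate"
  # 2. the signcerts certificate must chain to that root
  openssl verify -CAfile "$root" "$sign" >/dev/null 2>&1 || fail "signcert not signed by root CA"
  # 3. the keystore key must be the private half of the signcerts certificate
  a=$(cert_pub "$sign"); b=$(key_pub "$key")
  [ -n "$a" ] && [ "$a" = "$b" ] || fail "keystore key does not match signcert"
  return "$fails"
}

# Constructed sample tree (throwaway keys, not real cryptogen or Fabric CA output)
new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }
make_sample_tree() {
  local org=$1 msp="$1/peers/peer0/msp"
  mkdir -p "$org/ca" "$msp/cacerts" "$msp/signcerts" "$msp/keystore"
  new_key "$org/ca/priv_sk"
  openssl req -x509 -new -key "$org/ca/priv_sk" -subj "/CN=ca.org1.example.com" \
    -days 1 -out "$org/ca/ca.org1.example.com-cert.pem" 2>/dev/null
  cp "$org/ca/ca.org1.example.com-cert.pem" "$msp/cacerts/"
  new_key "$msp/keystore/priv_sk"
  openssl req -new -key "$msp/keystore/priv_sk" -subj "/CN=peer0.org1.example.com" \
    -out "$org/peer0.csr" 2>/dev/null
  openssl x509 -req -in "$org/peer0.csr" -CA "$org/ca/ca.org1.example.com-cert.pem" \
    -CAkey "$org/ca/priv_sk" -set_serial 2 -days 1 \
    -out "$msp/signcerts/peer0-cert.pem" 2>/dev/null
}

d=$(mktemp -d) && make_sample_tree "$d/org1"
check_peer_msp "$d/org1" peer0 && echo "peer0 MSP is consistent"
```

The same three checks apply to the tls folder if server.crt, its key and ca.crt are substituted for the signcerts, keystore and cacerts files.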