hyperledger-fabric-ca

I have created a hyperledger-composer application with an Angular frontend and multi-user authentication. The admin can create a new participant and issue an identity for this participant. Adding the participant to the network works fine. But the second step - issuing an identity for this new participant results in the following error message: "message": "fabric-ca request register failed with errors [[{\"code\":20,\"message\":\"Authorization failure\"}]]", ... see the following screenshots: and The method causing this error message is the following: createBusinessNetworkCardFile

Note: I am using the Go SDK, but this should apply to Node, Java, etc. SDKs. I am using a fabric-ca instance as my Certificate Authority, and for a realistic production environment I need to use a secure connection. Based on the config-e2e.yaml example configuration file [1], we should be able to use https in the CA url. Example: certificateAuthorities: org1-ca: url: https://localhost:7054 However, once https is required, the SDK requires that the TLS cert/key filepath is added in the client section [1]: tlsCACerts: # Comma-Separated list of paths path: {filepath} # Client key and cert for SSL

I read the docs on Hyperledger Fabric Membership Service Providers (MSPs) and not everything was really clear to me. The link to the part of the docs on MSPs is this: https://hyperledger-fabric.readthedocs.io/en/release-1.2/membership/membership.html Quote from the docs: This is where a Membership Service Provider (MSP) comes into play — it identifies which Root CAs and Intermediate CAs are trusted to define the members of a trust domain, e.g., an organization, either by listing the identities of their members, or by identifying which CAs are authorized to issue valid identities for their

I am wondering if it is strongly discouraged to use fabric-ca without mutual TLS in production. I am planning to operate a fabric network where a lot of peers, applications and users will be added automatically and the cryptogen tool will not be used. Instead a second fabric-ca will be used to issue TLS certificates. Those certificates will be used for client authentication with the MSP fabric-ca and the peers etc. The TLS fabric-ca does not perform client authentication because new users will have enrollmentID+secret but no client certificates. I Illustrated the registration process in this