Enabling TLS on a Production Network with Fabric CA

I am curious to know the best way to generate the TLS certificates required for secure communication between network components when not using a tool like cryptogen.

Registering identities using Fabric CA will give you the key pair you need for network transactions, but can these same key pairs be used to provide network connectivity, or should I provide them separately using openssl?

+3




1 answer


Technically, you could use a registration key pair for TLS messaging, but this is not recommended as ideally you would not use the same key pair for multiple purposes.

There are several options:

1) You can start a separate instance of Fabric CA and use it to issue TLS certificates

2) You can use the multi-user to create fabric and use one of the roots for the keypair signature and the other for the TLS keypair

3) Use the LetsEncrypt service

4) Use a utility like openssl to do it

+4
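Option 4 from the answer above, as an added example that is not part of the original answer: a TLS-only root and a node TLS certificate with its own key pair, built with openssl, plus a check that the TLS certificate does not reuse the enrollment key. The host name, file names, validity periods and the P-256 curve are assumptions.

```sh
#!/bin/sh
# Added example: dedicated TLS CA and node TLS certificate with openssl.
# All names below are illustrative assumptions, not values from the post.
set -eu

# issue_tls_cert DIR HOST: create a TLS root in DIR, then a fresh key and a
# TLS certificate for HOST signed by that root.
issue_tls_cert() (
  dir=$1 host=$2
  mkdir -p "$dir" && cd "$dir"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\nsubjectAltName=DNS:%s\n' "$host" > leaf.ext
  # TLS root: this key never signs enrollment (identity) certificates.
  openssl ecparam -name prime256v1 -genkey -noout -out tlsca.key
  openssl req -new -key tlsca.key -subj "/CN=tlsca.example.com" -out tlsca.csr
  openssl x509 -req -in tlsca.csr -signkey tlsca.key -days 365 -sha256 \
    -extfile ca.ext -out tlsca.crt 2>/dev/null
  # Node TLS key pair: generated here, not copied from the enrollment MSP.
  openssl ecparam -name prime256v1 -genkey -noout -out server.key
  openssl req -new -key server.key -subj "/CN=$host" -out server.csr
  openssl x509 -req -in server.csr -CA tlsca.crt -CAkey tlsca.key -CAcreateserial \
    -days 90 -sha256 -extfile leaf.ext -out server.crt 2>/dev/null
)

# check_separation TLS_CERT TLS_ROOT ENROLL_CERT HOST: succeed only if TLS_CERT
# chains to TLS_ROOT for HOST and its public key differs from ENROLL_CERT's.
check_separation() {
  openssl verify -purpose sslserver -verify_hostname "$4" -CAfile "$2" "$1" \
    >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$1" -noout -pubkey)" != "$(openssl x509 -in "$3" -noout -pubkey)" ]
}
```

Run `issue_tls_cert ./tls peer0.org1.example.com`, then pass `./tls/server.crt`, `./tls/tlsca.crt`, the node's enrollment certificate and the host name to `check_separation`; a non-zero exit means the chain or host name is wrong, or the enrollment key pair was reused.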

