I'm trying to deploy a Hyperledger Fabric network using certificates generated by a Certificate Authority (CA) with an intermediate certificate. When starting a Peer node with the MSP configuration file (config.yaml) containing:
PeerOUIdentifier:
Certificate: cacerts/ca-cert.pem
OrganizationUnitIdentifier: Peer
The peer node fails to start due to server certificate validation errors.
However, when I use the intermediate certificate configuration instead:
PeerOUIdentifier:
Certificate: intermediatecerts/intermediate-cert.pem
OrganizationalUnitIdentifier: Peer
The peer node starts successfully.
Question: Why does the peer node fail when using the root CA certificate but work correctly with the intermediate certificate in the MSP configuration? Is this expected behavior or a configuration issue?
Additional context that might be helpful:
- Hyperledger Fabric version: 3.1.1
- CA type: external CA
- Certificate chain structure: CA -> Intermediate -> Peer
- Error message from the peer logs:
panic: Failed putting our own identity into the identity mapper: failed classifying identity: Unable to extract msp.Identity from peer Identity: could not validate identity's OUs: certifiersIdentifier does not match:
I'm trying to deploy a Hyperledger Fabric network using certificates generated by a Certificate Authority (CA) with an intermediate certificate. When starting a Peer node with the MSP configuration file (
config.yaml) containing:The peer node fails to start due to server certificate validation errors.
However, when I use the intermediate certificate configuration instead:
The peer node starts successfully.
Question: Why does the peer node fail when using the root CA certificate but work correctly with the intermediate certificate in the MSP configuration? Is this expected behavior or a configuration issue?
Additional context that might be helpful: