Generating network cryptographic material
The first step in the configuration of a network involves the creation of certificates and signing keys for the MSP of each peer and orderer organization, and for TLS-based communication. We also need to create certificates and keys for each peer and orderer node to be able to communicate with each other and with their respective MSPs. The configuration for this must be specified in a crypto-config.yaml file in the network folder in our code repository. This file contains the organization structure (see more details in the channel artifacts configuration section later), the number of peers in each organization, and the default number of users in an organization for whom certificates and keys must be created (note that an admin user is created by default). As an example, see the definition of the Importer’s organization in the file as follows:
PeerOrgs:
- Name: ImporterOrg
Domain: importerorg.trade.com
EnableNodeOUs: true
Template:
Count: 1
Users:
Count: 2
This configuration indicates that the organization labeled ImporterOrg will contain one peer. Two non-admin users will also be created. The organization domain name to be used by the peer is also defined.
To generate cryptographic material for all the organizations, run the cryptogen command as follows:
cryptogen generate --config=./crypto-config.yaml
The output is saved to the crypto-config folder.