Option 1: Import your existing TLS certificate into the keystore (recommended).
If you already have a TLS certificate, import it to the keystore:
${FABRIC_HOME}/fabric/scripts/certificates.sh addkey webserver ~/.keystore changeit
Option 2: Generate a self-signed certificate
The Generating a Self-Signed Certificate in Fabric article explains how to create and use a self-signed certificate in Fabric using the certificates.sh helper script, and alternatively, how to use the keytool utility directly. It also covers advanced options for IP-based access and browser trust configuration.
If you have multiple Fabric nodes and want all nodes to use the same certificate, copy the ${user.home}/.keystore created in the first step to the same path on each node.
If Fabric is running in a Docker container, the user may differ. In that case, change the file owner by running the following command:
chown fabric:fabric ~/.keystore
Uncomment the following lines in the fabric section of the config.ini file:
#WEB_SERVICE_SECURE_PORT=8443
#WEB_SERVICE_KEY_ALIAS=webserver
https://10.0.0.0:8443/app/admin
To securely access Fabric data via its JDBC driver, the TLS option is enabled (true) by default in the [jdbc-server] section of the config.ini file:
## Turn on TLS for the Fabric driver protocol
#SECURE=true
To disable hardening, set the SECURE flag to false.
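The following script is an added example, not part of Fabric's own tooling: it audits a config.ini for the settings described above and flags web TLS lines that are still commented out, or a driver TLS flag explicitly set to false. It assumes the section headers are written as [fabric] and [jdbc-server] with KEY=VALUE lines; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Fabric's own code): audit config.ini for the TLS settings above.
# Assumption: INI layout with [fabric] / [jdbc-server] headers and KEY=VALUE lines.

# ini_get FILE SECTION KEY: print the value of an active (uncommented) KEY.
ini_get() {
  awk -v section="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_section = ($0 == section); next }
    !in_section || /^[ \t]*[#;]/ { next }   # other section, or line is commented out
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) found = v
    }
    END { if (found != "") print found }
  ' "$1"
}

# audit_fabric_tls FILE: print findings; exit status is the number of findings.
audit_fabric_tls() {
  local file=$1 findings=0 key secure
  for key in WEB_SERVICE_SECURE_PORT WEB_SERVICE_KEY_ALIAS; do
    if [ -z "$(ini_get "$file" fabric "$key")" ]; then
      echo "FAIL: $key is commented out or missing in [fabric]"
      findings=$((findings + 1))
    fi
  done
  # The page states driver TLS is on by default, so only an explicit false fails.
  secure=$(ini_get "$file" jdbc-server SECURE | tr '[:upper:]' '[:lower:]')
  if [ "$secure" = "false" ]; then
    echo "FAIL: SECURE=false in [jdbc-server] disables TLS for the driver"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample: both web TLS lines are still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[fabric]
#WEB_SERVICE_SECURE_PORT=8443
#WEB_SERVICE_KEY_ALIAS=webserver
[jdbc-server]
## Turn on TLS for the Fabric driver protocol
#SECURE=true
EOF
audit_fabric_tls "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it on each node after copying the keystore, so that a node left with commented-out web TLS lines is caught before it is exposed.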