Fabric Hardening
Fabric API/WS Hardening
Step 1 - Keys Generation
Run the Web server self-signed script on one of the Fabric nodes. The script’s purpose is to create a key in the key store.
- Usage:
certificates.sh genkey <ALIAS> [CNAME] [PASSWORD]
Step 2 - Copy the key to all Fabric nodes
In case of multiple Fabric nodes, if you want that all the nodes will have the same certificate - copy the ${user.home}/.keystore on each node into the same location.
In case that Fabric is running in Docker container, the user may be different. Then you need to change the file owner by running the following command:
chown root.root ~/.keystore
Step 3 - Configure Fabric
Uncomment the following in the config.ini file:
#WEB_SERVICE_SECURE_PORT=8443
Note that the password of the certification file should be defined here:
#WEB_SERVICE_CERT_PASSPHRASE=
Step 4 - Check access to Fabric Web UI via HTTPS
- Restart each one of the Fabric nodes.
- Use the following access points to check that the https access has been properly granted:
- Admin Panel:
https://10.10.10.10:8443/ - Fabric Web service will be available at:
https://10.10.10.10:8443/deploy
- Admin Panel:
Fabric JDBC Driver Hardening
In order to securely access Fabric Data via its JDBC driver, the TLS option is set to true by default in the [jdbc-server] section of the config.ini file:
## Turn on TLS for the Fabric driver protocol
#SECURE=true
To disable hardening, set the SECURE flag to false.
Fabric Hardening
Fabric API/WS Hardening
Step 1 - Keys Generation
Run the Web server self-signed script on one of the Fabric nodes. The script’s purpose is to create a key in the key store.
- Usage:
certificates.sh genkey <ALIAS> [CNAME] [PASSWORD]
Step 2 - Copy the key to all Fabric nodes
In case of multiple Fabric nodes, if you want that all the nodes will have the same certificate - copy the ${user.home}/.keystore on each node into the same location.
In case that Fabric is running in Docker container, the user may be different. Then you need to change the file owner by running the following command:
chown root.root ~/.keystore
Step 3 - Configure Fabric
Uncomment the following in the config.ini file:
#WEB_SERVICE_SECURE_PORT=8443
Note that the password of the certification file should be defined here:
#WEB_SERVICE_CERT_PASSPHRASE=
Step 4 - Check access to Fabric Web UI via HTTPS
- Restart each one of the Fabric nodes.
- Use the following access points to check that the https access has been properly granted:
- Admin Panel:
https://10.10.10.10:8443/ - Fabric Web service will be available at:
https://10.10.10.10:8443/deploy
- Admin Panel:
Fabric JDBC Driver Hardening
In order to securely access Fabric Data via its JDBC driver, the TLS option is set to true by default in the [jdbc-server] section of the config.ini file:
## Turn on TLS for the Fabric driver protocol
#SECURE=true
To disable hardening, set the SECURE flag to false.
