Fabric Hardening

Fabric API/WS Hardening

Step 1 - Keys Generation

Run the Web server self-signed script on one of the Fabric nodes. The script’s purpose is to create a key in the key store.

  • Usage: certificates.sh genkey <ALIAS> [CNAME] [PASSWORD]

Step 2 - Copy the key to all Fabric nodes

If there are multiple Fabric nodes and you want all of them to use the same certificate, copy the ${user.home}/.keystore file to the same location on each node.

If Fabric is running in a Docker container, the user may be different. In that case, change the file owner by running the following command:

chown root:root ~/.keystore

Step 3 - Configure Fabric

Uncomment the following in the config.ini file:

#WEB_SERVICE_SECURE_PORT=8443

Note that the password of the certificate file should be defined here:

#WEB_SERVICE_CERT_PASSPHRASE=

Step 4 - Check access to Fabric Web UI via HTTPS

  • Restart each one of the Fabric nodes.
  • Use the following access points to check that HTTPS access has been properly granted:
    • Admin Panel: https://10.10.10.10:8443/
    • Fabric Web service will be available at: https://10.10.10.10:8443/deploy

Fabric JDBC Driver Hardening

In order to securely access Fabric Data via its JDBC driver, the TLS option is set to true by default in the [jdbc-server] section of the config.ini file:

## Turn on TLS for the Fabric driver protocol
#SECURE=true

To disable hardening, set the SECURE flag to false.
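
The following check is an added example, not part of the Fabric product or its documentation. It audits the text of a config.ini for the three settings named above; the [fabric] section name and the sample contents are constructed, and treating a commented-out key as inactive is an assumption about how Fabric reads the file.

```python
import re

# Constructed sample, not a real Fabric config.ini. The [fabric] section name
# is a placeholder; the key names and [jdbc-server] come from the steps above.
SAMPLE_CONFIG = """\
[fabric]
#WEB_SERVICE_SECURE_PORT=8443
WEB_SERVICE_CERT_PASSPHRASE=

[jdbc-server]
## Turn on TLS for the Fabric driver protocol
SECURE=false
"""


def active_settings(text):
    """Return {(section, key): value} for uncommented KEY=VALUE lines only."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out, so the setting is inactive
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings


def audit(text):
    """List hardening gaps relative to Step 3 and the JDBC driver setting."""
    settings = active_settings(text)
    by_key = {key: value for (_, key), value in settings.items()}
    findings = []
    if not by_key.get("WEB_SERVICE_SECURE_PORT"):
        findings.append("WEB_SERVICE_SECURE_PORT is commented out or empty")
    if not by_key.get("WEB_SERVICE_CERT_PASSPHRASE"):
        findings.append("WEB_SERVICE_CERT_PASSPHRASE is commented out or empty")
    # SECURE defaults to true, so only an explicit false disables TLS.
    if settings.get(("jdbc-server", "SECURE"), "true").lower() == "false":
        findings.append("[jdbc-server] SECURE=false disables TLS for the driver")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty list from audit() means all three settings match the steps above. Because config.ini holds the keystore passphrase, restrict read access to that file as well as to ~/.keystore.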
