Renew certificates
In order to trigger the renewal of the certificates, either for the orderer or for the peer, we can use the hlf ca renew <node_type>
command.
#
Renewing certificates for the peerYou can monitor the state of the renewal by using:
#
Renewing certificates for the ordererYou can monitor the state of the renewal by using:
#
!!!! IMPORTANT !!!!When renewing the orderer certificates, the channel which the orderer is consenter of must be updated with the new certificates generated by the operator.
This operation is not handled by the operator, since the operator does not know the channels that the orderer is consenter of, neither has the authority to update the channel since the signatures needed can vary depending on the configuration.
#
Renewing certificates for the consenterFor this operation to work, the ordering service must have at least 3 nodes, for the consensus to work, since for 2 nodes or less, the consensus will not be able to reach a quorum.