Two Typical Setups of Fabric CA Server: using a Self-Generated Root CA or a given Intermediate CA

Introduction

Fabric CA Server provides flexibility when bringing up a Certificate Authority (CA). If we are doing testing or just a small setup, we may let the Fabric CA Server generate CA material by itself. In real life we are more likely given an Intermediate CA (ICA) from an existing enterprise CA (which is the Root CA and source of trust). In this case, we are using the given ICA issuing certificate for entities of our organization in the fabric network.