DEV Community

Ian bradbury
Ian bradbury

Posted on

What happens when a private blockchain certificate expires?

Here's the scenario. Private blockchain - built on the Hyperledger Fabric technology. At start up you created certificate authorities for each of the network participant organisations and certificates for all of the peers etc.

Sometime later..... these certificates start to expire.

Q : What happens then?

Q : How are the certificates managed and renewed?

Q : How does that affect the blockchain?

Top comments (1)

bizzibody profile image
Ian bradbury

In case you're interested.... I also asked this question over on the Hyperledger chat platform.

Here's a response from @gatakka that I received. The gist...nothing to worry about.

"it is simple, you can create a new certificate using old one. This is supported by FabricCA. But if you create a new certificates the result will be the same. Certificate management is responsibility of the client. You can renew the certificates before they expire. By default the livetime of a cert is 10 years, but you can change this value. This will not affect the blockchain in any way. The old data signed with certificated that, at current point in time are expired, is still there and can be validated, because this certificates sign the data, they do not encrypt the data. Even after 100 years you will be able to verify that this transaction was signed by valid certificate from valid Org

If you are talking about data encryption, in general case this is done using symmetric cryptography, and there is no expiration there.
So in general, nothing bad will happen. The worst thing to happen is that new requests will be rejected if certificate expire, and you just create a new valid one. "