Skip to content

Commit

Permalink
[FAB-9938] Add alert about not using TLS
Browse files Browse the repository at this point in the history 
Added an alert to remind user to enable TLS on the
Fabric CA server.

Change-Id: Iec6d3cb33a830c742c0fdbd0ac84ed0bf59d9331
Signed-off-by: Anil Ambati <[email protected]>
  • Loading branch information
Anil Ambati committed Jun 5, 2018
1 parent 7c3fc1a commit 7aa2298
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/source/users-guide.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -481,6 +481,10 @@ name and password for a bootstrap identity.
To cause the Fabric CA server to listen on ``https`` rather than
``http``, set ``tls.enabled`` to ``true``.

SECURITY WARNING: The Fabric CA server should always be started with TLS
enabled (``tls.enabled`` set to true). Failure to do so leaves the
server vulnerable to an attacker with access to network traffic.

To limit the number of times that the same secret (or password) can be
used for enrollment, set the ``registry.maxenrollments`` in the configuration
file to the appropriate value. If you set the value to 1, the Fabric CA
Expand Down

0 comments on commit 7aa2298

Please sign in to comment.