diff --git a/common/configtx/tool/configtxgen/main.go b/common/configtx/tool/configtxgen/main.go
index 3fffcc6811d..998e5568745 100644
--- a/common/configtx/tool/configtxgen/main.go
+++ b/common/configtx/tool/configtxgen/main.go
@@ -20,6 +20,7 @@ import (
 	"flag"
 	"io/ioutil"
 
+	"github.com/hyperledger/fabric/bccsp/factory"
 	"github.com/hyperledger/fabric/common/configtx"
 	genesisconfig "github.com/hyperledger/fabric/common/configtx/tool/localconfig"
 	"github.com/hyperledger/fabric/common/configtx/tool/provisional"
@@ -43,6 +44,7 @@ func main() {
 	logging.SetLevel(logging.INFO, "")
 
 	logger.Info("Loading configuration")
+	factory.InitFactories(nil)
 	config := genesisconfig.Load(profile)
 	pgen := provisional.New(config)
 
diff --git a/common/configtx/tool/provisional/provisional.go b/common/configtx/tool/provisional/provisional.go
index 23238da0c6a..c825ead0ea6 100644
--- a/common/configtx/tool/provisional/provisional.go
+++ b/common/configtx/tool/provisional/provisional.go
@@ -118,7 +118,7 @@ func New(conf *genesisconfig.Profile) Generator {
 		}
 
 		for _, org := range conf.Orderer.Organizations {
-			mspConfig, err := msp.GetLocalMspConfig(org.MSPDir, org.BCCSP, org.ID)
+			mspConfig, err := msp.GetVerifyingMspConfig(org.MSPDir, org.BCCSP, org.ID)
 			if err != nil {
 				logger.Panicf("Error loading MSP configuration for org %s: %s", org.Name, err)
 			}
@@ -148,7 +148,7 @@ func New(conf *genesisconfig.Profile) Generator {
 			policies.TemplateImplicitMetaMajorityPolicy([]string{configtxapplication.GroupKey}, configvaluesmsp.AdminsPolicyKey),
 		}
 		for _, org := range conf.Application.Organizations {
-			mspConfig, err := msp.GetLocalMspConfig(org.MSPDir, org.BCCSP, org.ID)
+			mspConfig, err := msp.GetVerifyingMspConfig(org.MSPDir, org.BCCSP, org.ID)
 			if err != nil {
 				logger.Panicf("Error loading MSP configuration for org %s: %s", org.Name, err)
 			}
diff --git a/msp/configbuilder.go b/msp/configbuilder.go
index e813fb936f4..38811896451 100644
--- a/msp/configbuilder.go
+++ b/msp/configbuilder.go
@@ -108,12 +108,8 @@ func SetupBCCSPKeystoreConfig(bccspConfig *factory.FactoryOpts, keystoreDir stri
 }
 
 func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error) {
-	cacertDir := filepath.Join(dir, cacerts)
 	signcertDir := filepath.Join(dir, signcerts)
-	admincertDir := filepath.Join(dir, admincerts)
 	keystoreDir := filepath.Join(dir, keystore)
-	intermediatecertsDir := filepath.Join(dir, intermediatecerts)
-
 	SetupBCCSPKeystoreConfig(bccspConfig, keystoreDir)
 
 	err := factory.InitFactories(bccspConfig)
@@ -121,6 +117,32 @@ func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string)
 		return nil, fmt.Errorf("Could not initialize BCCSP Factories [%s]", err)
 	}
 
+	signcert, err := getPemMaterialFromDir(signcertDir)
+	if err != nil || len(signcert) == 0 {
+		return nil, fmt.Errorf("Could not load a valid signer certificate from directory %s, err %s", signcertDir, err)
+	}
+
+	/* FIXME: for now we're making the following assumptions
+	1) there is exactly one signing cert
+	2) BCCSP's KeyStore has the the private key that matches SKI of
+	   signing cert
+	*/
+
+	sigid := &msp.SigningIdentityInfo{PublicSigner: signcert[0], PrivateSigner: nil}
+
+	return getMspConfig(dir, bccspConfig, ID, sigid)
+}
+
+func GetVerifyingMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error) {
+	return getMspConfig(dir, bccspConfig, ID, nil)
+}
+
+func getMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string, sigid *msp.SigningIdentityInfo) (*msp.MSPConfig, error) {
+	cacertDir := filepath.Join(dir, cacerts)
+	signcertDir := filepath.Join(dir, signcerts)
+	admincertDir := filepath.Join(dir, admincerts)
+	intermediatecertsDir := filepath.Join(dir, intermediatecerts)
+
 	cacerts, err := getPemMaterialFromDir(cacertDir)
 	if err != nil || len(cacerts) == 0 {
 		return nil, fmt.Errorf("Could not load a valid ca certificate from directory %s, err %s", cacertDir, err)
@@ -139,14 +161,6 @@ func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string)
 	intermediatecert, _ := getPemMaterialFromDir(intermediatecertsDir)
 	// intermediate certs are not mandatory
 
-	/* FIXME: for now we're making the following assumptions
-	1) there is exactly one signing cert
-	2) BCCSP's KeyStore has the the private key that matches SKI of
-	   signing cert
-	*/
-
-	sigid := &msp.SigningIdentityInfo{PublicSigner: signcert[0], PrivateSigner: nil}
-
 	fmspconf := &msp.FabricMSPConfig{
 		Admins:            admincert,
 		RootCerts:         cacerts,