Why do we require Fabric TLSCA if we use PKI in hyperledger fabric?

Question

I don't understand what is the actual need of having FabricTLSCA if we have PKI in place for secure communication. My assumption is that TLSCA is required for secure communication between different components. For example cert for my domain *.abc.com can be used using PKI than why Fabric TLSCA is required to give certificates.

Answer 1

You are not required to use the Fabric CA for issuing TLS certificates. You can use your own CA as well. You can even use 3rd party TLS/SSL certificate issuers such as Let's Encrypt, DigiCert, Verisign, etc as well. If you choose to use mutual TLS, you may want not want to use a public 3rd party service if you are looking to to added authentication, but generally speaking it is unnecessary to use mutual TLS in any case.