Issue: Hyperledger Fabric Peer Node Fails to Start with CA Certificate in MSP Configuration

[Windol]

I'm trying to deploy a Hyperledger Fabric network using certificates generated by a Certificate Authority (CA) with an intermediate certificate. When starting a Peer node with the MSP configuration file (config.yaml) containing:

PeerOUIdentifier:
  Certificate: cacerts/ca-cert.pem
  OrganizationUnitIdentifier: Peer

The peer node fails to start due to server certificate validation errors.

However, when I use the intermediate certificate configuration instead:

PeerOUIdentifier:
  Certificate: intermediatecerts/intermediate-cert.pem
  OrganizationalUnitIdentifier: Peer

The peer node starts successfully.

Question: Why does the peer node fail when using the root CA certificate but work correctly with the intermediate certificate in the MSP configuration? Is this expected behavior or a configuration issue?

---

Additional context that might be helpful:

• Hyperledger Fabric version: 3.1.1
• CA type: external CA
• Certificate chain structure: CA -> Intermediate -> Peer
• Error message from the peer logs:

panic: Failed putting our own identity into the identity mapper: failed classifying identity: Unable to extract msp.Identity from peer Identity: could not validate identity's OUs: certifiersIdentifier does not match: