diff --git a/core/comm/server_test.go b/core/comm/server_test.go
index 3adb0c26b25..c7488d8c57e 100644
--- a/core/comm/server_test.go
+++ b/core/comm/server_test.go
@@ -19,7 +19,9 @@ package comm_test
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"io/ioutil"
 	"net"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -61,7 +63,7 @@ zA85vv7JhfMkvZYGPELC7I2K8V7ZAiEA9KcthV3HtDXKNDsA6ULT+qUkyoHRzCzr
 A4QaL2VU6i4=
 -----END CERTIFICATE-----
 `
-var timeout = time.Second * 10
+var timeout = time.Second * 3
 
 type testServiceServer struct{}
 
@@ -133,12 +135,8 @@ func TestNewGRPCServerInvalidParameters(t *testing.T) {
 
 	//bad hostname
 	_, err = comm.NewGRPCServer("hostdoesnotexist.localdomain:9050", nil, nil, nil, nil)
-	//check for error
-	msg = "no such host"
-	if assert.Error(t, err, "%s error expected", msg) {
-		assert.Contains(t, err.Error(), msg) //use contains here as error message inconsistent
-	}
-
+	//check for error only - there are a few possibilities depending on DNS resolution but will get an error
+	assert.Error(t, err, "%s error expected", msg)
 	if err != nil {
 		t.Log(err.Error())
 	}
@@ -225,9 +223,8 @@ func TestNewGRPCServer(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
-		t.Fatalf(err.Error())
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
@@ -277,9 +274,8 @@ func TestNewGRPCServerFromListener(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
-		t.Fatalf(err.Error())
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
@@ -336,7 +332,7 @@ func TestNewSecureGRPCServer(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
@@ -401,9 +397,168 @@ func TestNewSecureGRPCServerFromListener(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
 }
+
+//prior tests used self-signed certficates loaded by the GRPCServer and the test client
+//here we'll use certificates signed by certificate authorities
+func TestWithSignedRootCertificates(t *testing.T) {
+
+	//use Org1 testdata
+	fileBase := "Org1"
+	certPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-server1-cert.pem"))
+	keyPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-server1-key.pem"))
+	caPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-cert.pem"))
+
+	if err != nil {
+		t.Fatalf("Failed to load test certificates: %v", err)
+	}
+	testAddress := "localhost:9057"
+	//create our listener
+	lis, err := net.Listen("tcp", testAddress)
+
+	if err != nil {
+		t.Fatalf("Failed to create listener: %v", err)
+	}
+
+	srv, err := comm.NewGRPCServerFromListener(lis, keyPEMBlock,
+		certPEMBlock, nil, nil)
+	//check for error
+	if err != nil {
+		t.Fatalf("Failed to return new GRPC server: %v", err)
+	}
+
+	//register the GRPC test server
+	testpb.RegisterTestServiceServer(srv.Server(), &testServiceServer{})
+
+	//start the server
+	go srv.Start()
+
+	defer srv.Stop()
+	//should not be needed
+	time.Sleep(10 * time.Millisecond)
+
+	//create the client credentials
+	certPoolServer := x509.NewCertPool()
+
+	//use the server certificate only
+	if !certPoolServer.AppendCertsFromPEM(certPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+
+	creds := credentials.NewClientTLSFromCert(certPoolServer, "")
+
+	//GRPC client options
+	var dialOptions []grpc.DialOption
+	dialOptions = append(dialOptions, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err = invokeEmptyCall(testAddress, dialOptions)
+
+	//client should not be able to connect
+	//for now we can only test that we get a timeout error
+	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	t.Logf("assert.EqualError: %s", err.Error())
+
+	//now use the CA certificate
+	certPoolCA := x509.NewCertPool()
+	if !certPoolCA.AppendCertsFromPEM(caPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+	creds = credentials.NewClientTLSFromCert(certPoolCA, "")
+	var dialOptionsCA []grpc.DialOption
+	dialOptionsCA = append(dialOptionsCA, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err2 := invokeEmptyCall(testAddress, dialOptionsCA)
+
+	if err2 != nil {
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+			testAddress, err2)
+	} else {
+		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
+	}
+}
+
+//here we'll use certificates signed by intermediate certificate authorities
+func TestWithSignedIntermediateCertificates(t *testing.T) {
+
+	//use Org1 testdata
+	fileBase := "Org1"
+	certPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-server1-cert.pem"))
+	keyPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-server1-key.pem"))
+	intermediatePEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-cert.pem"))
+
+	if err != nil {
+		t.Fatalf("Failed to load test certificates: %v", err)
+	}
+	testAddress := "localhost:9058"
+	//create our listener
+	lis, err := net.Listen("tcp", testAddress)
+
+	if err != nil {
+		t.Fatalf("Failed to create listener: %v", err)
+	}
+
+	srv, err := comm.NewGRPCServerFromListener(lis, keyPEMBlock,
+		certPEMBlock, nil, nil)
+	//check for error
+	if err != nil {
+		t.Fatalf("Failed to return new GRPC server: %v", err)
+	}
+
+	//register the GRPC test server
+	testpb.RegisterTestServiceServer(srv.Server(), &testServiceServer{})
+
+	//start the server
+	go srv.Start()
+
+	defer srv.Stop()
+	//should not be needed
+	time.Sleep(10 * time.Millisecond)
+
+	//create the client credentials
+	certPoolServer := x509.NewCertPool()
+
+	//use the server certificate only
+	if !certPoolServer.AppendCertsFromPEM(certPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+
+	creds := credentials.NewClientTLSFromCert(certPoolServer, "")
+
+	//GRPC client options
+	var dialOptions []grpc.DialOption
+	dialOptions = append(dialOptions, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err = invokeEmptyCall(testAddress, dialOptions)
+
+	//client should not be able to connect
+	//for now we can only test that we get a timeout error
+	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	t.Logf("assert.EqualError: %s", err.Error())
+
+	//now use the CA certificate
+	certPoolCA := x509.NewCertPool()
+	if !certPoolCA.AppendCertsFromPEM(intermediatePEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+	creds = credentials.NewClientTLSFromCert(certPoolCA, "")
+	var dialOptionsCA []grpc.DialOption
+	dialOptionsCA = append(dialOptionsCA, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err2 := invokeEmptyCall(testAddress, dialOptionsCA)
+
+	if err2 != nil {
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+			testAddress, err2)
+	} else {
+		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
+	}
+}
diff --git a/core/comm/testdata/certs/Org1-cert.pem b/core/comm/testdata/certs/Org1-cert.pem
new file mode 100644
index 00000000000..57998923c8a
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAYygAwIBAgIQBoqyusG6LOG7fdzjrfvW8DAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMFgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRPcmcx
+MQ0wCwYDVQQDEwRPcmcxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgm/Cr5PM
+QasIdK2Ez8ghs43OjC9syqlJsZ3UCfvd671pDr2hZtbFsG1pHElUvcYjuXrh/Jso
+YItEXmAJ2jZZsKM4MDYwDgYDVR0PAQH/BAQDAgGmMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAIAMGQk4gvE+
+RlaxBVqsv6FarhtN9EfAMYu/gFrv3vUqAiEAu3MPm/0iZpa53N8PAhIKus6UIx4g
+nXzhP2sbDMVjccA=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child1-cert.pem b/core/comm/testdata/certs/Org1-child1-cert.pem
new file mode 100644
index 00000000000..502337ee241
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAZqgAwIBAgIQYKUEm2IXkwb7hhfmFKH0lTAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcx
+LWNoaWxkMTEUMBIGA1UEAxMLT3JnMS1jaGlsZDEwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQd0zt95LaDV7TYJGpS9rCNeURgVJUJLtQZtgxAIP+k8je+1yXC1WqR
+qMKtBm3aQP04kcJd8xaXj5yl3p1/qk/bozgwNjAOBgNVHQ8BAf8EBAMCAaYwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNH
+ADBEAh9HoG8o8aljiYEal3PumepBWpbIcDv9Pc4oLmDgh6PNAiEAh9MT72bmCdrh
+qSSazVaZxgmrH7DyNn7Y5ij4XDRjhwQ=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child1-client1-cert.pem b/core/comm/testdata/certs/Org1-child1-client1-cert.pem
new file mode 100644
index 00000000000..0b52994f2a8
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBDCCAaugAwIBAgIQXS8mfkPPbSh05Kbty0/mwjAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDExFDASBgNVBAMTC09yZzEtY2hp
+bGQxMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQxLWNsaWVudDExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOLHdFSFvnTbYcLr63Wi/wjdBaVo
+6Vo7y1zSyxSZ1G7kI2cfg+lDfdzUD1WM4SUZV1pIlYS6MpokZn9Dyd7SfM+jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0cAMEQCICk/fL44adOAlXJxvuql5+3xx7bGzgCIfoVz
+sAqDScfsAiAH4C/z+jCKK4WpywxlE/U3wz0FwZwGGXDON4AXVg3Mow==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child1-client1-key.pem b/core/comm/testdata/certs/Org1-child1-client1-key.pem
new file mode 100644
index 00000000000..9d27a9ee617
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJOlMLzN+kRVbnCTDeIeO5VmYVr4ILNr7MqD7a72HaLFoAoGCCqGSM49
+AwEHoUQDQgAE4sd0VIW+dNthwuvrdaL/CN0FpWjpWjvLXNLLFJnUbuQjZx+D6UN9
+3NQPVYzhJRlXWkiVhLoymiRmf0PJ3tJ8zw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child1-key.pem b/core/comm/testdata/certs/Org1-child1-key.pem
new file mode 100644
index 00000000000..d1aadb1e7a0
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIANJY6KInPgTmezBBoE/Vq0g6y/FwoBo54rbJjmXnedhoAoGCCqGSM49
+AwEHoUQDQgAEHdM7feS2g1e02CRqUvawjXlEYFSVCS7UGbYMQCD/pPI3vtclwtVq
+kajCrQZt2kD9OJHCXfMWl4+cpd6df6pP2w==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child1-server1-cert.pem b/core/comm/testdata/certs/Org1-child1-server1-cert.pem
new file mode 100644
index 00000000000..ffa5c7f1da4
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaugAwIBAgIQGJLwRu+fdXkVBXqn4Q/D9TAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDExFDASBgNVBAMTC09yZzEtY2hp
+bGQxMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQxLXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPPWSE1Hwcb6/gkkLUQTiGqJbaEc
+fXc6ua+gZabJtEZgoO+RjTDq8X1OVFKJYnVUsqdYoA4ymclbZh1p90fGB/+jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0gAMEUCIGhtRzuHGz8e/I/Wkv8fSzVeRUyiRrdp33MW
+APfmqW+uAiEAzToTwUh4qXosee/gh3zG2kfiEgrSa4nfMz0T9dBfF68=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child1-server1-key.pem b/core/comm/testdata/certs/Org1-child1-server1-key.pem
new file mode 100644
index 00000000000..200ad9149cc
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFq1dZOPEkCC5VuAdtB0vb9Ncz1zIfBPTe9eCN9rfkWloAoGCCqGSM49
+AwEHoUQDQgAE89ZITUfBxvr+CSQtRBOIaoltoRx9dzq5r6Blpsm0RmCg75GNMOrx
+fU5UUolidVSyp1igDjKZyVtmHWn3R8YH/w==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child1-server2-cert.pem b/core/comm/testdata/certs/Org1-child1-server2-cert.pem
new file mode 100644
index 00000000000..d5f0eaeb1a4
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAaygAwIBAgIRAO+oRnnA09sDNeNBFP4J/mcwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzEtY2hpbGQxMRQwEgYDVQQDEwtPcmcxLWNo
+aWxkMTAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcxLWNoaWxkMS1zZXJ2ZXIyMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8+DMyiKGF+MmGOUDR5Ba0DdEs
+Ea8r5wc3Qwt+kbE5rh0J+pMV+ZB1nvuGk/P7wUSMMyCae1Z9TwmGVQyhfNw4ozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNJADBGAiEAvnm6cyeF3YKA/WiQdsP8iASlNkFMnuek
+jZdLCgDs4XICIQDzn9j9S4aJvZwKQ96d3dIpJ/8910w6VF6apgpJ6WnYBQ==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child1-server2-key.pem b/core/comm/testdata/certs/Org1-child1-server2-key.pem
new file mode 100644
index 00000000000..deb3ea462f6
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child1-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIG9/X7NuNj1A9WGsTVzDUBE5hp1hN4q/EAOEjjO3oYKEoAoGCCqGSM49
+AwEHoUQDQgAEvPgzMoihhfjJhjlA0eQWtA3RLBGvK+cHN0MLfpGxOa4dCfqTFfmQ
+dZ77hpPz+8FEjDMgmntWfU8JhlUMoXzcOA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child2-cert.pem b/core/comm/testdata/certs/Org1-child2-cert.pem
new file mode 100644
index 00000000000..628d0ed2c6a
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAZqgAwIBAgIQO2kTviFxObnIfvpvm5INczAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcx
+LWNoaWxkMjEUMBIGA1UEAxMLT3JnMS1jaGlsZDIwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAATT8hJlwkqlhum6LXTyUENBmuvG1D47Yaoo7xolqB4rgaQ66twGXIbm
+/kBd++4glU0tdHFxiNEx+NFGBjRydbGgozgwNjAOBgNVHQ8BAf8EBAMCAaYwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNH
+ADBEAiBqdAbBd0Iy4iEiPegzzJFDDCO/p0O/4kPq0W/TCC4QbQIgSCNE54c6WuB3
+s1015/Hh5OfZVYfwNdtdUnLDqWaRqZc=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child2-client1-cert.pem b/core/comm/testdata/certs/Org1-child2-client1-cert.pem
new file mode 100644
index 00000000000..de767e945f5
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIRAPjPkGnHmU7cf0H+Tl9LuNQwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzEtY2hpbGQyMRQwEgYDVQQDEwtPcmcxLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcxLWNoaWxkMi1jbGllbnQxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATPYg/tCw3jPT7wEaxNAaae52Ix
+qyew7c5np0fOD+phVSC4Pd1HqU4geVZtLR88KUJdG6BibgxJOK8gBvsSMoZjozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNIADBFAiBQNm7l7CNEkAYbWskaMZe7W6qK7YOqGPKC
+mZe4f+JyEAIhAIyW9AupkwIVqAf4Y+qLXWw6Ou72P2cxacwnU/EqY5v3
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child2-client1-key.pem b/core/comm/testdata/certs/Org1-child2-client1-key.pem
new file mode 100644
index 00000000000..d0e88ec5922
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJ8099eKaVtltKkoSsgxtDZ8nly8hEF8mzpoxgIUTKbPoAoGCCqGSM49
+AwEHoUQDQgAEz2IP7QsN4z0+8BGsTQGmnudiMasnsO3OZ6dHzg/qYVUguD3dR6lO
+IHlWbS0fPClCXRugYm4MSTivIAb7EjKGYw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child2-key.pem b/core/comm/testdata/certs/Org1-child2-key.pem
new file mode 100644
index 00000000000..b637d38f706
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILD5s03CCydQC/fk15bPBIST29zSR640HZ6EFkljXQVvoAoGCCqGSM49
+AwEHoUQDQgAE0/ISZcJKpYbpui108lBDQZrrxtQ+O2GqKO8aJageK4GkOurcBlyG
+5v5AXfvuIJVNLXRxcYjRMfjRRgY0cnWxoA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child2-server1-cert.pem b/core/comm/testdata/certs/Org1-child2-server1-cert.pem
new file mode 100644
index 00000000000..8b7a2e8cf88
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaugAwIBAgIQBWuPAYs8k+OxJCws3MC9jDAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDIxFDASBgNVBAMTC09yZzEtY2hp
+bGQyMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQyLXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN10+yKShT7e72Eg4spl29gN8JWj
+FtrNF+7Htz8iuOXTjh0bXDaA39ZgXPQXPHHXb2qBOhFFty+IKjCKwtq9SJ6jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0gAMEUCIBamPit5An50gI0xmEgxKqdJXqKwMsbAsYlb
+WW61cdLqAiEAmNfaObAswKqpZ01uK9gef3Sq6h75Dvx3Y/Mi+YPL+6g=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child2-server1-key.pem b/core/comm/testdata/certs/Org1-child2-server1-key.pem
new file mode 100644
index 00000000000..32fc31b81e0
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBP5H0bLYye1oMhE/Nju+tYDqN0tHJzS1AssVSoEQMnKoAoGCCqGSM49
+AwEHoUQDQgAE3XT7IpKFPt7vYSDiymXb2A3wlaMW2s0X7se3PyK45dOOHRtcNoDf
+1mBc9Bc8cddvaoE6EUW3L4gqMIrC2r1Ing==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-child2-server2-cert.pem b/core/comm/testdata/certs/Org1-child2-server2-cert.pem
new file mode 100644
index 00000000000..a7b9e675840
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIRAIjkOm9RLJLYwNp/UrVHOdkwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzEtY2hpbGQyMRQwEgYDVQQDEwtPcmcxLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcxLWNoaWxkMi1zZXJ2ZXIyMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQxC0FvjjgIPgNVD1EyVlFOgnM2
+xSD5YTmPesYsTxZkhT8rZT82F5tLh/FLTTPfUT0aGsJMDbcVuS9WA7v9Zu+9ozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNIADBFAiBIRHNQoEvOp55SFn0rxZ0Cge4xsShjiO/n
+ODqPKI0fXgIhAKNYujfC8M2FnRetyq4T1riUQ6+r5fpeSQOP30Bnj6K/
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-child2-server2-key.pem b/core/comm/testdata/certs/Org1-child2-server2-key.pem
new file mode 100644
index 00000000000..43576899c15
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-child2-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBlr8ZpdVksUiqWhNrPIOKHM8nAcoFPCn17h5K5qTpgvoAoGCCqGSM49
+AwEHoUQDQgAEMQtBb444CD4DVQ9RMlZRToJzNsUg+WE5j3rGLE8WZIU/K2U/Nheb
+S4fxS00z31E9GhrCTA23FbkvVgO7/WbvvQ==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-client1-cert.pem b/core/comm/testdata/certs/Org1-client1-cert.pem
new file mode 100644
index 00000000000..fbcfb1871ae
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAZmgAwIBAgIQRk9iXI0SuYIHlo5ZabCRKDAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcx
+LWNsaWVudDExFTATBgNVBAMTDE9yZzEtY2xpZW50MTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABMwcflghuFe3wFNtQAWJfflB0sQrpwffjqUKDGvjYizOykMEA+vu
+qW7u1HwDJQ9TCBVhts8SIUiZXe7B5HMYvDCjNTAzMA4GA1UdDwEB/wQEAwIFoDAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cA
+MEQCIFLmpy5K/wxleUuYIMiFuihxIok4DM72pEaUyH7k5wxHAiBLTAPO2GqNV5Uk
+T/yTU1qEwan2BdtDztwCR0SicrF7fw==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-client1-key.pem b/core/comm/testdata/certs/Org1-client1-key.pem
new file mode 100644
index 00000000000..5177049cdaf
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJazPH2DGnUxy0zgq6wFvv7g2taswBBSax+kIj/gX9puoAoGCCqGSM49
+AwEHoUQDQgAEzBx+WCG4V7fAU21ABYl9+UHSxCunB9+OpQoMa+NiLM7KQwQD6+6p
+bu7UfAMlD1MIFWG2zxIhSJld7sHkcxi8MA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-client2-cert.pem b/core/comm/testdata/certs/Org1-client2-cert.pem
new file mode 100644
index 00000000000..225d32e03be
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-client2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9DCCAZmgAwIBAgIQM/cHDcPK2OBKVQVRUMJazjAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcx
+LWNsaWVudDIxFTATBgNVBAMTDE9yZzEtY2xpZW50MjBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABKaFvV2yQsUepus1CuGEXHkSx149ROFquwHMUQOXAshPZRiWI8Gh
+VzuwwNSWiV+4lMf6ELSeG3FSQBPDEk/QM32jNTAzMA4GA1UdDwEB/wQEAwIFoDAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kA
+MEYCIQC2IPIQnskMoycN3YHC7FCuhzUQp9M23uPLjATJ9ARV9QIhALE/A9FH09ri
+6bgFnseQuaWL/b/r0ZMzn2Kl5bDiNzdW
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-client2-key.pem b/core/comm/testdata/certs/Org1-client2-key.pem
new file mode 100644
index 00000000000..e5e69f33b6b
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-client2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOTa9xcvp+CKKWa70Z0+vGsGgOL6nBM41We7U2hTY+1VoAoGCCqGSM49
+AwEHoUQDQgAEpoW9XbJCxR6m6zUK4YRceRLHXj1E4Wq7AcxRA5cCyE9lGJYjwaFX
+O7DA1JaJX7iUx/oQtJ4bcVJAE8MST9AzfQ==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-key.pem b/core/comm/testdata/certs/Org1-key.pem
new file mode 100644
index 00000000000..9137b412929
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIPx348Wscx9ntkEAy6mExhnmU5E1KDkJB08SS4UYb5JoAoGCCqGSM49
+AwEHoUQDQgAEgm/Cr5PMQasIdK2Ez8ghs43OjC9syqlJsZ3UCfvd671pDr2hZtbF
+sG1pHElUvcYjuXrh/JsoYItEXmAJ2jZZsA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-server1-cert.pem b/core/comm/testdata/certs/Org1-server1-cert.pem
new file mode 100644
index 00000000000..d82f50ad557
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAZegAwIBAgIRAIQFT714AoD+bWcj31Yv/HEwCgYIKoZIzj0EAwIwWDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xDTALBgNVBAoTBE9yZzExDTALBgNVBAMTBE9yZzEwHhcNMTYxMjE5
+MTIxNDU0WhcNMjYxMjE3MTIxNDU0WjBlMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMT3Jn
+MS1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAASIkWmzwMBTdofKdUsgc9OYY3I0MrBGw9042Tv/brYR9tul0hzqDPk0
+me+HoPCfZeS2JIfFdc2mdTEbNdMQs7IcozUwMzAOBgNVHQ8BAf8EBAMCBaAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNJADBG
+AiEAguZ4madu+URKEdi1uaycvvpqO/2r1FXY5E4+NlVPWT8CIQCYNzk0TYebAn6Y
+iMxfjWcAzPUHUB0fjaz5f6oyVfzFBw==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-server1-key.pem b/core/comm/testdata/certs/Org1-server1-key.pem
new file mode 100644
index 00000000000..91191087ca8
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPuDKgX2mBkVPdbMPB5qp/bavLwXv/aknAaNa3VD3DvnoAoGCCqGSM49
+AwEHoUQDQgAEiJFps8DAU3aHynVLIHPTmGNyNDKwRsPdONk7/262EfbbpdIc6gz5
+NJnvh6Dwn2XktiSHxXXNpnUxGzXTELOyHA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org1-server2-cert.pem b/core/comm/testdata/certs/Org1-server2-cert.pem
new file mode 100644
index 00000000000..c786e3c3efb
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7zCCAZagAwIBAgIQd1elm4A3cDk56P7ncHlb7jAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcx
+LXNlcnZlcjIxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABBWK8sVC6mmp6fSEBueSlqbAun0RaHpAZOFRmn4JRJHn6Ivll2v7j8sI
+R/ynK63y5hRzZmaC92sWNh6nqE5ojo+jNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNV
+HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQC
+IFxR5i0YyRLaannvHK31/MnWQr/vCoWFupsE6vTdJAkaAiAX7cibvIcXz0SSTmZw
+SagDbD7aQRStKo5Txbm2RNlcXw==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org1-server2-key.pem b/core/comm/testdata/certs/Org1-server2-key.pem
new file mode 100644
index 00000000000..27e3355967e
--- /dev/null
+++ b/core/comm/testdata/certs/Org1-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIGo+VE1uGPpAqcbm2ARPJgBAb1h6nBctYLI8I10fY4lNoAoGCCqGSM49
+AwEHoUQDQgAEFYryxULqaanp9IQG55KWpsC6fRFoekBk4VGafglEkefoi+WXa/uP
+ywhH/KcrrfLmFHNmZoL3axY2HqeoTmiOjw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-cert.pem b/core/comm/testdata/certs/Org2-cert.pem
new file mode 100644
index 00000000000..a817d650540
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAY2gAwIBAgIRAKHfuoKkuD99zWY7zOoLi9MwCgYIKoZIzj0EAwIwWDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTYxMjE5
+MTIxNDU0WhcNMjYxMjE3MTIxNDU0WjBYMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMET3Jn
+MjENMAsGA1UEAxMET3JnMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFgXzISs
+ROob0qm4eSjwmxP35Y+AEJC5sD6Qj1dGia7OWZFMPcj7+hCnWlGaY9mf85bGu98Y
+iDKgxocA2Tfei+ejODA2MA4GA1UdDwEB/wQEAwIBpjATBgNVHSUEDDAKBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCwehcuBJw/
+g6jYz+TjH+UjzK+zYqRt+sWP1aU3jx0ZbAIhANDLzoKfsf13/ezeqzyYy3ypSS5N
+TvIJI/ZNdk5OVcle
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child1-cert.pem b/core/comm/testdata/certs/Org2-child1-cert.pem
new file mode 100644
index 00000000000..6606ce66ef7
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9TCCAZqgAwIBAgIQZSNeXvLJpF6SqaV9peJj/DAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcy
+LWNoaWxkMTEUMBIGA1UEAxMLT3JnMi1jaGlsZDEwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQsenDMFOH4Boqcq+y9M7TXQLnwGaN12klqVY9o4mnH3FUfGOVkM29b
+TAsLPBRa+NtJ9cg+YOHFHzZBdNvJay6BozgwNjAOBgNVHQ8BAf8EBAMCAaYwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJ
+ADBGAiEAtX8u1JGIPLoOseVfzIfyMin13C9H6xZNt25uYGsPMQkCIQCyEVRmM40+
+vioQW2DZyq+bURMykRYMu1pKPweWo6cvCw==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child1-client1-cert.pem b/core/comm/testdata/certs/Org2-child1-client1-cert.pem
new file mode 100644
index 00000000000..a2b2fbb256f
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAaygAwIBAgIRAKhLiY/5kRo+1iV8LETwqWgwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQxMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMTAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMS1jbGllbnQxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVq5r1FYyOGn1O3Cn1ZjIeX3KC
+l9XR0hJ0cpDNHPW51H8mq8ftEKnd/gRhGaHTGDoihrCDYrTi0+nHenHrs/5HozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNJADBGAiEAvmW1ZnpUh/Fz9/MHrTlTM0n6jy+GH8ZW
+p4KrQjhZ59wCIQDaBHK17dSTZc2kaa/z79ikX5e2Svg6jR9p/4aypj0HUA==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child1-client1-key.pem b/core/comm/testdata/certs/Org2-child1-client1-key.pem
new file mode 100644
index 00000000000..73188cf61c8
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIDxg0BFxsG8rHOaT2O1xDC6Lw+BMr8s3BNo2CRTZ6tZoAoGCCqGSM49
+AwEHoUQDQgAEVaua9RWMjhp9Ttwp9WYyHl9ygpfV0dISdHKQzRz1udR/JqvH7RCp
+3f4EYRmh0xg6Ioawg2K04tPpx3px67P+Rw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child1-key.pem b/core/comm/testdata/certs/Org2-child1-key.pem
new file mode 100644
index 00000000000..fce737555c6
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILLKY/aj5tAPYKkN+kBVnpdFY1cIgi3JbtEcPTfnBV7voAoGCCqGSM49
+AwEHoUQDQgAELHpwzBTh+AaKnKvsvTO010C58BmjddpJalWPaOJpx9xVHxjlZDNv
+W0wLCzwUWvjbSfXIPmDhxR82QXTbyWsugQ==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child1-server1-cert.pem b/core/comm/testdata/certs/Org2-child1-server1-cert.pem
new file mode 100644
index 00000000000..d19db78a6a0
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAaygAwIBAgIRAKJ4Rs9l6vraj1EjjPZnBz8wCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQxMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMTAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMS1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATl3NzMKqw/lp3LxRHCXeO6HIQI
+9DADYA/n1ThL4jbsSbzjGNp5KHGePLQM/Egl4VFk6KsjRtQhHqB+MPaZ2GizozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNJADBGAiEAu1xmMYZHz59eeiJwDNMZX0IPda3ezMRg
+8Y7wu5NnQzMCIQDTZ87MjZu0mHqm2g409seN0V9twXbnBiXl2TNBAqkA1Q==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child1-server1-key.pem b/core/comm/testdata/certs/Org2-child1-server1-key.pem
new file mode 100644
index 00000000000..fb1bdc82548
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINLo7S7hnkB+vbBv164Iire7fYunfWwsPwoJ+TU5sBszoAoGCCqGSM49
+AwEHoUQDQgAE5dzczCqsP5ady8URwl3juhyECPQwA2AP59U4S+I27Em84xjaeShx
+njy0DPxIJeFRZOirI0bUIR6gfjD2mdhosw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child1-server2-cert.pem b/core/comm/testdata/certs/Org2-child1-server2-cert.pem
new file mode 100644
index 00000000000..776a4e0fc96
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaygAwIBAgIRALxrSIFsf2QhgO+o/73/bbgwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQxMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMTAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMS1zZXJ2ZXIyMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2BRbCLFkHOBsE2j6dThk0uqJt
+6AI94H0ZPHdXrAW2uwGmPIMzX9kG6zxtUg7Li+36PSl23Rpmh83l0xs1e2OfozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNHADBEAiB+v/fJtOJta4Ji0JgVCh8RabECiQbn5ilM
+Jil8/Hzr3QIgTnnMUdEXEFF5HAxfrnVjPlAPYrfrbl3Lq51h9JFbIJY=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child1-server2-key.pem b/core/comm/testdata/certs/Org2-child1-server2-key.pem
new file mode 100644
index 00000000000..1a57c44d6fb
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child1-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINeWqNP1l3uL2a5rrhxSIOvY94nUqBCJ5xSSK0FyNxGAoAoGCCqGSM49
+AwEHoUQDQgAEdgUWwixZBzgbBNo+nU4ZNLqibegCPeB9GTx3V6wFtrsBpjyDM1/Z
+Bus8bVIOy4vt+j0pdt0aZofN5dMbNXtjnw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child2-cert.pem b/core/comm/testdata/certs/Org2-child2-cert.pem
new file mode 100644
index 00000000000..edcdb3f44f0
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9TCCAZugAwIBAgIRALKKxS8V2q2/Iz1UrNjk/DIwCgYIKoZIzj0EAwIwWDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTYxMjE5
+MTIxNDU0WhcNMjYxMjE3MTIxNDU0WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLT3Jn
+Mi1jaGlsZDIxFDASBgNVBAMTC09yZzItY2hpbGQyMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEubWW4VqOMNMpbCUTdswE0RQe0bPgMLnr8HaW2e8PecFTz2cnfal6
+7Vmw48wQ0lK32Kxr7I2OnRp3J9E/SGh9X6M4MDYwDgYDVR0PAQH/BAQDAgGmMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwID
+SAAwRQIgb2TTNKLBhaYVXbASzESkjWQFc+0Pm6jM70dTFD1nvn8CIQDJe/qN0wqZ
+YrKrtaFVe+K6g83wsV6aFNhQYuyIRU4+Ew==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child2-client1-cert.pem b/core/comm/testdata/certs/Org2-child2-client1-cert.pem
new file mode 100644
index 00000000000..2c393a1a56f
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIRAPFwEeuXxVk7BRq8GEq83bowCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQyMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMi1jbGllbnQxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlK0kZIx4Mh0/EzY5SUZPsqQwg
+Hwxr1S2qqoMdFl8HSHpzu4XJ+iRzUG3XG9wpJBYIgTUkCjqSRe2oAI31sXReozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNIADBFAiBWrWiDcbkp8z4fySygEl6W1GMqOssvuPm5
+b/qYBeeCVwIhAJI6cl09Mqgooa8Sj0Y4Imo+G61BuqwWuT+/tb5wYWMF
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child2-client1-key.pem b/core/comm/testdata/certs/Org2-child2-client1-key.pem
new file mode 100644
index 00000000000..e8fead0e5ed
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIE1DC9FfgJ5Oy+rsBoOnCWlMExtVmcKO+4sodWCY2vDroAoGCCqGSM49
+AwEHoUQDQgAEJStJGSMeDIdPxM2OUlGT7KkMIB8Ma9UtqqqDHRZfB0h6c7uFyfok
+c1Bt1xvcKSQWCIE1JAo6kkXtqACN9bF0Xg==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child2-key.pem b/core/comm/testdata/certs/Org2-child2-key.pem
new file mode 100644
index 00000000000..44f3354c003
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKcSCCWeHnF0iKyZ0XU5eHAQEeVUPZzryAmjq+Hh9PAPoAoGCCqGSM49
+AwEHoUQDQgAEubWW4VqOMNMpbCUTdswE0RQe0bPgMLnr8HaW2e8PecFTz2cnfal6
+7Vmw48wQ0lK32Kxr7I2OnRp3J9E/SGh9Xw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child2-server1-cert.pem b/core/comm/testdata/certs/Org2-child2-server1-cert.pem
new file mode 100644
index 00000000000..cd6f5a7e601
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaygAwIBAgIRAKieUZHNHlxBwwj0O+oLvDgwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQyMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMi1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ99kgzTO4+aYTsusHq4SkVUIOv
+z1iuu7Ih9jjJ9w1fDUJRaNtK0mziuGx3ashOr52U5eygW2wAKPxzXLbgNIoeozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNHADBEAiAntC9AjmhkWLM/pcTCxG3lBbJRh0a+/1es
+rHPt6wCKvwIgTYFbnpcs++ltzOXlvqbLgjdFZhVC6hfbr1oOOPAkjk8=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child2-server1-key.pem b/core/comm/testdata/certs/Org2-child2-server1-key.pem
new file mode 100644
index 00000000000..a2bb2df27fe
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPlKAnYcpH0badLFRtc3Y8wjgwPvLo/+GH1ACmFU09WkoAoGCCqGSM49
+AwEHoUQDQgAEPfZIM0zuPmmE7LrB6uEpFVCDr89YrruyIfY4yfcNXw1CUWjbStJs
+4rhsd2rITq+dlOXsoFtsACj8c1y24DSKHg==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-child2-server2-cert.pem b/core/comm/testdata/certs/Org2-child2-server2-cert.pem
new file mode 100644
index 00000000000..443fae973a5
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIRAMxH8hUzdCWho/mj/1WvNvUwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQyMRQwEgYDVQQDEwtPcmcyLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcyLWNoaWxkMi1zZXJ2ZXIyMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATbhgL9n7kToWxjFDxtxQaud5d4
+7n6E9MEifMS9xj+st5UgksjPIgAsnpIAlLL9ZmEe7498H/QTmidPGjKoia7eozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNIADBFAiEAzYlyKcERrMTFt8NvTKkR1yX2yPTlHQAw
+cBJgeUMo7l0CICWIS/NIOn9ug5Y6i2UXa/rWMNe/Gmn1p/G4R78JDYEb
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-child2-server2-key.pem b/core/comm/testdata/certs/Org2-child2-server2-key.pem
new file mode 100644
index 00000000000..cb9757342e8
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-child2-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHfG7CKcTs7GZQiO+QB/OJLf7TjKQ9KbIJEXQ/0ONiJmoAoGCCqGSM49
+AwEHoUQDQgAE24YC/Z+5E6FsYxQ8bcUGrneXeO5+hPTBInzEvcY/rLeVIJLIzyIA
+LJ6SAJSy/WZhHu+PfB/0E5onTxoyqImu3g==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-client1-cert.pem b/core/comm/testdata/certs/Org2-client1-cert.pem
new file mode 100644
index 00000000000..5ee903b0f8b
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-client1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9DCCAZmgAwIBAgIQP2/1g08YqjCiGVEtwyht+zAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcy
+LWNsaWVudDExFTATBgNVBAMTDE9yZzItY2xpZW50MTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABDbvz0bK6Fhw+3rJQXnJBxCZcYZcIzUwwQDWi5S4OFHFtglecJHn
+fK0AGJI/GY8goUBieQiTo4tTckV8RyCMoqijNTAzMA4GA1UdDwEB/wQEAwIFoDAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kA
+MEYCIQC4Mg/8csSuKu8RHyIJL1WrPhOLPEp6uIQbSSvDu1+nBwIhANLq2V2GTgJV
+OAkd82Y1rc6ROlTbedMbClKkii+WkYT0
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-client1-key.pem b/core/comm/testdata/certs/Org2-client1-key.pem
new file mode 100644
index 00000000000..a6142926877
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-client1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBROzGMJj51KFslcjt920XosuD9KCIbS1W22WIk6ysRKoAoGCCqGSM49
+AwEHoUQDQgAENu/PRsroWHD7eslBeckHEJlxhlwjNTDBANaLlLg4UcW2CV5wked8
+rQAYkj8ZjyChQGJ5CJOji1NyRXxHIIyiqA==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-client2-cert.pem b/core/comm/testdata/certs/Org2-client2-cert.pem
new file mode 100644
index 00000000000..48d5576a6ef
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-client2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9TCCAZqgAwIBAgIRAJWM/TSDgXPN5np+9Y7m1UcwCgYIKoZIzj0EAwIwWDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTYxMjE5
+MTIxNDU0WhcNMjYxMjE3MTIxNDU0WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMT3Jn
+Mi1jbGllbnQyMRUwEwYDVQQDEwxPcmcyLWNsaWVudDIwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAAT3/hAt4sVEDqGih2ScmZ7hDzCRKUdl+UL3puV721IzHIoKIDGM
+ErmiI0yYSAzNyDHLpE3t5l7ncblc3YdAtwceozUwMzAOBgNVHQ8BAf8EBAMCBaAw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNJ
+ADBGAiEAiLgw2CKJfiBa5HlJMOgkZkqk9b+caOi0U9PP7KqXphgCIQDglAjK81/H
+Q2LtNs/g/e5Jvyp4X86tI7MS6V001gZAQQ==
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-client2-key.pem b/core/comm/testdata/certs/Org2-client2-key.pem
new file mode 100644
index 00000000000..7db97c28aa1
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-client2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJpC0Vbjyg+IEGdWuNkR9hlRLktCON3uOUESr+HjANNNoAoGCCqGSM49
+AwEHoUQDQgAE9/4QLeLFRA6hoodknJme4Q8wkSlHZflC96ble9tSMxyKCiAxjBK5
+oiNMmEgMzcgxy6RN7eZe53G5XN2HQLcHHg==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-key.pem b/core/comm/testdata/certs/Org2-key.pem
new file mode 100644
index 00000000000..7486a1b7b0a
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOZ10kuyfXpUJUfmC7b8XGfq0kbZm1OOkk+L8+Br5NN0oAoGCCqGSM49
+AwEHoUQDQgAEWBfMhKxE6hvSqbh5KPCbE/flj4AQkLmwPpCPV0aJrs5ZkUw9yPv6
+EKdaUZpj2Z/zlsa73xiIMqDGhwDZN96L5w==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-server1-cert.pem b/core/comm/testdata/certs/Org2-server1-cert.pem
new file mode 100644
index 00000000000..97ea44bad16
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-server1-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAZagAwIBAgIQRbbpn6Zgh49VP4U8QnORuDAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcy
+LXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABMkPclExa0eZt5X16Z7jlfIBajSiZTijffRmBhfSh/8RidkawdcBW63u
+L6lvgfS1JlA0vqJ30iTpylfgAPSyrOyjNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNV
+HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
+IQDo5jtvXR4N9gYriCRB2XwNSIzrf9Dyqfxlt47zB3XlZgIhAJSUekvDfT86kdFx
+bOWoqS07mW7OVoybCPKWV10uFi2Q
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-server1-key.pem b/core/comm/testdata/certs/Org2-server1-key.pem
new file mode 100644
index 00000000000..192704f681d
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-server1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHmesxAYlOC7dp6s8FgDFc6iQUgMPWjgi6HOKqZ1xUoUoAoGCCqGSM49
+AwEHoUQDQgAEyQ9yUTFrR5m3lfXpnuOV8gFqNKJlOKN99GYGF9KH/xGJ2RrB1wFb
+re4vqW+B9LUmUDS+onfSJOnKV+AA9LKs7A==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/Org2-server2-cert.pem b/core/comm/testdata/certs/Org2-server2-cert.pem
new file mode 100644
index 00000000000..9b7b9543644
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-server2-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZagAwIBAgIQdgziayuxo4VbtGQ49h+bIjAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcy
+LXNlcnZlcjIxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABADyRBbCdj9ufF+YS+jhmlsX+D1VJNzWdjdtea0POyI+/f6SThPv4O4r
+eFyOHdKKll+tDmd7QNFeI+Foif0Xcj+jNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNV
+HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUC
+IQDnX6sxUFk+/voAZ+m5ALnaN12p1XDvix5P91Re8qdekAIgZcz/xS4GAMjIYK1R
+UAe3NUthAWpMbEmEaFwn4+34yc0=
+-----END CERTIFICATE-----
diff --git a/core/comm/testdata/certs/Org2-server2-key.pem b/core/comm/testdata/certs/Org2-server2-key.pem
new file mode 100644
index 00000000000..8abd6568ca8
--- /dev/null
+++ b/core/comm/testdata/certs/Org2-server2-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILTvnblj0jxAnpE7jbUo5bXeDw6iiRdAAWWyXg5RBTZ9oAoGCCqGSM49
+AwEHoUQDQgAEAPJEFsJ2P258X5hL6OGaWxf4PVUk3NZ2N215rQ87Ij79/pJOE+/g
+7it4XI4d0oqWX60OZ3tA0V4j4WiJ/RdyPw==
+-----END EC PRIVATE KEY-----
diff --git a/core/comm/testdata/certs/generate.go b/core/comm/testdata/certs/generate.go
new file mode 100644
index 00000000000..82edfd1dcd8
--- /dev/null
+++ b/core/comm/testdata/certs/generate.go
@@ -0,0 +1,299 @@
+/*
+Copyright IBM Corp. 2016 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +build ignore
+
+//go:generate -command gencerts go run $GOPATH/src/github.com/hyperledger/fabric/core/comm/testdata/certs/generate.go
+//go:generate gencerts -orgs 2 -child-orgs 2 -servers 2 -clients 1
+
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"flag"
+	"fmt"
+	"math/big"
+	"os"
+	"time"
+)
+
+//command line flags
+var (
+	numOrgs        = flag.Int("orgs", 2, "number of unique organizations")
+	numChildOrgs   = flag.Int("child-orgs", 2, "number of intermediaries per organization")
+	numClientCerts = flag.Int("clients", 1, "number of client certificates per organization")
+	numServerCerts = flag.Int("servers", 1, "number of server certificates per organization")
+)
+
+//default template for X509 subject
+func subjectTemplate() pkix.Name {
+	return pkix.Name{
+		Country:  []string{"US"},
+		Locality: []string{"San Francisco"},
+		Province: []string{"California"},
+	}
+}
+
+//default template for X509 certificates
+func x509Template() (x509.Certificate, error) {
+
+	//generate a serial number
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return x509.Certificate{}, err
+	}
+
+	now := time.Now()
+	//basic template to use
+	x509 := x509.Certificate{
+		SerialNumber:          serialNumber,
+		NotBefore:             now,
+		NotAfter:              now.Add(3650 * 24 * time.Hour), //~ten years
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		BasicConstraintsValid: true,
+	}
+	return x509, nil
+
+}
+
+//generate an EC private key (P256 curve)
+func genKeyECDSA(name string) (*ecdsa.PrivateKey, error) {
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	//write key out to file
+	keyBytes, err := x509.MarshalECPrivateKey(priv)
+	keyFile, err := os.OpenFile(name+"-key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return nil, err
+	}
+	pem.Encode(keyFile, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes})
+	keyFile.Close()
+	return priv, nil
+}
+
+//generate a signed X509 certficate using ECDSA
+func genCertificateECDSA(name string, template, parent *x509.Certificate, pub *ecdsa.PublicKey,
+	priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
+
+	//create the x509 public cert
+	certBytes, err := x509.CreateCertificate(rand.Reader, template, parent, pub, priv)
+	if err != nil {
+		return nil, err
+	}
+
+	//write cert out to file
+	certFile, err := os.Create(name + "-cert.pem")
+	if err != nil {
+		return nil, err
+	}
+	//pem encode the cert
+	pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})
+	certFile.Close()
+
+	x509Cert, err := x509.ParseCertificate(certBytes)
+	if err != nil {
+		return nil, err
+	}
+	return x509Cert, nil
+}
+
+//generate an EC certificate appropriate for use by a TLS server
+func genServerCertificateECDSA(name string, signKey *ecdsa.PrivateKey, signCert *x509.Certificate) error {
+	fmt.Println(name)
+	key, err := genKeyECDSA(name)
+	template, err := x509Template()
+
+	if err != nil {
+		return err
+	}
+
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+
+	//set the organization for the subject
+	subject := subjectTemplate()
+	subject.Organization = []string{name}
+	subject.CommonName = "localhost" //hardcode to localhost for hostname verification
+
+	template.Subject = subject
+
+	_, err = genCertificateECDSA(name, &template, signCert, &key.PublicKey, signKey)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+//generate an EC certificate appropriate for use by a TLS server
+func genClientCertificateECDSA(name string, signKey *ecdsa.PrivateKey, signCert *x509.Certificate) error {
+	fmt.Println(name)
+	key, err := genKeyECDSA(name)
+	template, err := x509Template()
+
+	if err != nil {
+		return err
+	}
+
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+
+	//set the organization for the subject
+	subject := subjectTemplate()
+	subject.Organization = []string{name}
+	subject.CommonName = name
+
+	template.Subject = subject
+
+	_, err = genCertificateECDSA(name, &template, signCert, &key.PublicKey, signKey)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+//generate an EC certificate signing(CA) key pair and output as PEM-encoded files
+func genCertificateAuthorityECDSA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
+
+	key, err := genKeyECDSA(name)
+	template, err := x509Template()
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	//this is a CA
+	template.IsCA = true
+	template.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+
+	//set the organization for the subject
+	subject := subjectTemplate()
+	subject.Organization = []string{name}
+	subject.CommonName = name
+
+	template.Subject = subject
+
+	x509Cert, err := genCertificateECDSA(name, &template, &template, &key.PublicKey, key)
+
+	if err != nil {
+		return nil, nil, err
+	}
+	return key, x509Cert, nil
+}
+
+//generate an EC certificate appropriate for use by a TLS server
+func genIntermediateCertificateAuthorityECDSA(name string, signKey *ecdsa.PrivateKey,
+	signCert *x509.Certificate) (*ecdsa.PrivateKey, *x509.Certificate, error) {
+
+	fmt.Println(name)
+	key, err := genKeyECDSA(name)
+	template, err := x509Template()
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	//this is a CA
+	template.IsCA = true
+	template.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+
+	//set the organization for the subject
+	subject := subjectTemplate()
+	subject.Organization = []string{name}
+	subject.CommonName = name
+
+	template.Subject = subject
+
+	x509Cert, err := genCertificateECDSA(name, &template, signCert, &key.PublicKey, signKey)
+
+	if err != nil {
+		return nil, nil, err
+	}
+	return key, x509Cert, nil
+}
+
+func main() {
+
+	//parse the command line flags
+	flag.Parse()
+
+	fmt.Printf("Generating %d organizations each with %d server(s) and %d client(s)\n",
+		*numOrgs, *numServerCerts, *numClientCerts)
+
+	baseOrgName := "Org"
+	//generate orgs / CAs
+	for i := 1; i <= *numOrgs; i++ {
+		signKey, signCert, err := genCertificateAuthorityECDSA(fmt.Sprintf(baseOrgName+"%d", i))
+		if err != nil {
+			fmt.Printf("error generating CA %s%d : %s\n", baseOrgName, i, err.Error())
+		}
+		//generate server certificates for the org
+		for j := 1; j <= *numServerCerts; j++ {
+			err := genServerCertificateECDSA(fmt.Sprintf(baseOrgName+"%d-server%d", i, j), signKey, signCert)
+			if err != nil {
+				fmt.Printf("error generating server certificate for %s%d-server%d : %s\n",
+					baseOrgName, i, j, err.Error())
+			}
+		}
+		//generate client certificates for the org
+		for k := 1; k <= *numServerCerts; k++ {
+			err := genClientCertificateECDSA(fmt.Sprintf(baseOrgName+"%d-client%d", i, k), signKey, signCert)
+			if err != nil {
+				fmt.Printf("error generating client certificate for %s%d-client%d : %s\n",
+					baseOrgName, i, k, err.Error())
+			}
+		}
+		//generate child orgs (intermediary authorities)
+		for m := 1; m <= *numChildOrgs; m++ {
+			childSignKey, childSignCert, err := genIntermediateCertificateAuthorityECDSA(
+				fmt.Sprintf(baseOrgName+"%d-child%d", i, m), signKey, signCert)
+			if err != nil {
+				fmt.Printf("error generating CA %s%d-child%d : %s\n",
+					baseOrgName, i, m, err.Error())
+			}
+			//generate server certificates for the child org
+			for n := 1; n <= *numServerCerts; n++ {
+				err := genServerCertificateECDSA(fmt.Sprintf(baseOrgName+"%d-child%d-server%d", i, m, n),
+					childSignKey, childSignCert)
+				if err != nil {
+					fmt.Printf("error generating server certificate for %s%d-child%d-server%d : %s\n",
+						baseOrgName, i, m, n, err.Error())
+				}
+			}
+			//generate client certificates for the child org
+			for p := 1; p <= *numClientCerts; p++ {
+				err := genServerCertificateECDSA(fmt.Sprintf(baseOrgName+"%d-child%d-client%d", i, m, p),
+					childSignKey, childSignCert)
+				if err != nil {
+					fmt.Printf("error generating server certificate for %s%d-child%d-client%d : %s\n",
+						baseOrgName, i, m, p, err.Error())
+				}
+			}
+		}
+	}
+
+}