Implementations of the present disclosure include generating, by a consensus node, a certificate signing request (CSR); sending the CSR to a first certificate authority (CA); receiving a first public key certificate of the consensus node from the first CA, and a first one or more public key certificates issued by a first one or more CAs. The consensus nodes also sends the CSR to a second CA, receives a second public key certificate of the consensus node from the second CA, and a second one or more public key certificates issued by a second one or more CAs. The consensus node further configures a first truststore including the first public key certificate and the first one or more public key certificates, and a second truststore including the second public key certificate and the second one or more public key certificates.