Title: fabric CA details
date: 2021-04-15 14:30:23
categories:
- Hyperledger Fabric
tags:
- Hyperledger Fabric
- fabric-ca
MSP
MSP definition
MSP (Membership Service Provider) is a modular component of Hyperledger Fabric that handles identity management and authentication of members in the network.
Functions:
- Manage user IDs
- Verify nodes that want to join the network
- Provide credentials for transactions initiated by clients
Network MSP: manages members across the entire Hyperledger Fabric network; it defines the MSPs of the participating organizations and which members of an organization are authorized to perform administrative tasks (such as creating channels)
Channel MSP: manages members in a channel
Peer MSP: each peer node has a separate MSP instance that performs exactly the same functions as the channel MSP
Orderer MSP: same as Peer MSP
User MSP: each organization can have multiple different users, which are defined on the file system of the organization's node. It applies only to the peer node that defines it.
Four key elements of PKI:
Digital certificate: the most common certificate type is the certificate conforming to the X.509 standard.
Public and private keys:
Certificate authority: certificates are digitally signed by a CA, which is the basis for providing verifiable digital identities to participants in the organization.
Certificate revocation list:
Fabric-ca
The Fabric CA project is an open-source project launched specifically to solve the problem of Fabric account generation, and it solves that problem perfectly. It consists of two modules: fabric-ca-server and fabric-ca-client. Of the two, fabric-ca-server plays a very important role in Fabric. The cryptogen command can generate account material from a configuration file, but it cannot meet the need to add accounts dynamically. That is the point at which Fabric CA should be introduced into the project.
In the figure above, Fabric CA provides two ways to call the server's services:
- Call via fabric-ca-client
- Call through an SDK (Node.js, Java, Go)
Usually, one organization corresponds to one fabric-ca-server:
- A fabric-ca-server is deployed in each organization to register new users for that organization
- The Hyperledger Fabric CA client or SDK can connect to a cluster of Hyperledger Fabric CA servers that is load balanced by HAProxy or similar.
- A server may contain multiple CAs. Each CA is either a root CA or an intermediate CA, and each intermediate CA has a parent CA.
Initialize CA
- Determine the home directory of the Hyperledger Fabric CA server
  - Check the command line. If --home is given, use its value as the home directory
  - Check FABRIC_CA_SERVER_HOME
  - Check FABRIC_CA_HOME
  - Check CA_CFG_PATH
  - Otherwise, use the current working directory as the server's home directory
- Initialize Hyperledger Fabric CA

      fabric-ca-server init -b admin:pass    # initialization command

  After executing the command, the following files are generated:
  - fabric-ca-server-config.yaml: the default configuration file
  - ca-cert.pem: the CA certificate file in PEM format, self-signed
  - fabric-ca-server.db: SQLite3 database for storing data
  - msp/keystore/: holds the private key file of the identity, corresponding to the signing certificate
- Quick start of the CA

      fabric-ca-server start -b admin:pass

  If the server has not been initialized, the startup process initializes it automatically.
Hyperledger Fabric CA client commands
Five subcommands
These commands are executed through the server's RESTful interface:
- enroll: enroll an identity to obtain its ECert
- register: register users
- getcainfo: get the certificate chain of the CA service
- reenroll: re-enroll
- revoke: revoke an issued certificate or identity
- version: Hyperledger Fabric CA client version information
CA configuration in the docker-compose file

    ca.org1.example.com:                     # service name
      image: hyperledger/fabric-ca:1.4.9     # Fabric CA image
      container_name: ca.org1.example.com
      environment:
        - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server    # home directory inside the Fabric CA container
        - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com        # CA server name, chosen by yourself
        - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem    # specifies which organization this Fabric CA belongs to
        - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk    # private key
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem    # overrides the cert.pem setting in the configuration file
        - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
      ports:
        - 7054:7054                          # port bound by the Fabric CA server
      command: sh -c 'fabric-ca-server start -b admin:adminpw -d'    # username:password
      volumes:
        - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
      networks:
        - test

    fabric-ca-client enroll -u https://admin:pass@ca.org1.example.com:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
Hyperledger Fabric CA practice
1. Initialization
2. Start the Fabric CA service
Neither of these two operations needs to be run by hand: the ca.org1.example.com container has already done both for you.

    ports:
      - 7054:7054                            # port bound by the Fabric CA server
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'    # username:password; remember this password
    volumes:
3. Configuration database
I use it by default, and others will be used and learned later, so I don't care about this one
4. Configure LDAP
Don't worry about this for the time being. It hasn't been used yet
5. Practical CA client commands
Enroll user

    $ docker exec -it ca.org1.example.com bash    # enter the container's terminal
    $ export PATH=$PATH:$GOPATH/bin
    $ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
    $ fabric-ca-client enroll -u https://admin:adminpw@ca.org1.example.com:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem

If it succeeds, the following output appears; if it fails, troubleshoot it yourself:

    2021/04/17 09:44:54 [INFO] Created a default configuration file at /root/fabric-ca/clients/admin/fabric-ca-client-config.yaml
    2021/04/17 09:44:54 [INFO] TLS Enabled
    2021/04/17 09:44:54 [INFO] generating key: &{A:ecdsa S:256}
    2021/04/17 09:44:54 [INFO] encoded CSR
    2021/04/17 09:44:54 [INFO] Stored client certificate at /root/fabric-ca/clients/admin/msp/signcerts/cert.pem
    2021/04/17 09:44:54 [INFO] Stored root CA certificate at /root/fabric-ca/clients/admin/msp/cacerts/ca-org1-example-com-7054.pem
    2021/04/17 09:44:54 [INFO] Stored Issuer public key at /root/fabric-ca/clients/admin/msp/IssuerPublicKey
    2021/04/17 09:44:54 [INFO] Stored Issuer revocation public key at /root/fabric-ca/clients/admin/msp/IssuerRevocationPublicKey

Register user
It's useless for the time being. I'll supplement it later
Register node

    $ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
    $ fabric-ca-client register --id.name peer1.org1.example.com --id.type peer --id.affiliation org1.department1 --id.secret peer1pw --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem

If successful, the following is displayed:

    2021/04/17 09:53:56 [INFO] Configuration file location: /root/fabric-ca/clients/admin/fabric-ca-client-config.yaml
    2021/04/17 09:53:56 [INFO] TLS Enabled
    2021/04/17 09:53:56 [INFO] TLS Enabled
    Password: peer2pw
Enroll node

    $ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1.org1.example.com
    $ fabric-ca-client enroll -u https://peer1.org1.example.com:peer1pw@ca.org1.example.com:7054 -M $FABRIC_CA_CLIENT_HOME/msp --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem

If successful:

    2021/04/17 09:59:05 [INFO] TLS Enabled
    2021/04/17 09:59:05 [INFO] generating key: &{A:ecdsa S:256}
    2021/04/17 09:59:05 [INFO] encoded CSR
    2021/04/17 09:59:05 [INFO] Stored client certificate at /root/fabric-ca/clients/peer2.org1.example.com/msp/signcerts/cert.pem
    2021/04/17 09:59:05 [INFO] Stored root CA certificate at /root/fabric-ca/clients/peer2.org1.example.com/msp/cacerts/ca-org1-example-com-7054.pem
    2021/04/17 09:59:05 [INFO] Stored Issuer public key at /root/fabric-ca/clients/peer2.org1.example.com/msp/IssuerPublicKey
    2021/04/17 09:59:05 [INFO] Stored Issuer revocation public key at /root/fabric-ca/clients/peer2.org1.example.com/msp/IssuerRevocationPublicKey
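
A post-enrollment check for the MSP directory that `fabric-ca-client enroll` writes, as an added example (not part of the original post or of Fabric CA): it confirms that the files named in the enroll output exist and that no private key under keystore/ is readable by group or others. The function names `check_msp` and `verify_chain` are made up for this example, and `verify_chain` assumes the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# check_msp DIR
# Sanity-check the MSP directory produced by `fabric-ca-client enroll`.
# Prints one line per finding; the return status is the number of problems.
check_msp() {
    msp=$1
    problems=0

    # Files the enroll log reports as "Stored ... at".
    for f in signcerts/cert.pem IssuerPublicKey IssuerRevocationPublicKey; do
        if [ ! -s "$msp/$f" ]; then
            echo "MISSING      $msp/$f"
            problems=$((problems + 1))
        fi
    done

    # At least one CA certificate must be present to anchor the chain.
    have_ca=0
    for ca in "$msp"/cacerts/*.pem; do
        if [ -s "$ca" ]; then have_ca=1; fi
    done
    if [ "$have_ca" -eq 0 ]; then
        echo "MISSING      $msp/cacerts/*.pem"
        problems=$((problems + 1))
    fi

    # The private key generated during enroll lives under keystore/.
    keys=$(find "$msp/keystore" -type f 2>/dev/null | wc -l | tr -d ' ')
    if [ "$keys" -eq 0 ]; then
        echo "MISSING      private key under $msp/keystore/"
        problems=$((problems + 1))
    fi

    # A key readable by group or others can be copied by any local account.
    loose=$(find "$msp/keystore" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "LOOSE PERMS  $loose"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# verify_chain DIR
# Succeeds if the enrolled certificate verifies against a CA cert in cacerts/.
# Assumes the openssl command-line tool is installed.
verify_chain() {
    for ca in "$1"/cacerts/*.pem; do
        if openssl verify -CAfile "$ca" "$1/signcerts/cert.pem" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# Stand-alone use: sh check_msp.sh "$FABRIC_CA_CLIENT_HOME/msp"
if [ "$#" -gt 0 ]; then
    check_msp "$1" && verify_chain "$1" && echo "OK $1"
fi
```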
Enroll administrator for TLS CA

    $ docker exec -it ca.org1.example.com bash    # enter the container's terminal
    $ export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
    $ export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/tls-ca/admin
    $ fabric-ca-client enroll -d -u https://admin:adminpw@ca.org1.example.com:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem

Displayed on the terminal after success:

    2021/04/28 08:50:50 [DEBUG] Set log level:
    2021/04/28 08:50:50 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
    2021/04/28 08:50:50 [INFO] Created a default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-client-config.yaml
    2021/04/28 08:50:50 [DEBUG] Client configuration settings: &{URL:https://admin:adminpw@ca.org1.example.com:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA:<nil> SerialNumber:} ID:{Name: Type:client Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc00037ee00 Debug:true LogLevel:}
    2021/04/28 08:50:50 [DEBUG] Entered runEnroll
    2021/04/28 08:50:50 [DEBUG] Enrolling { Name:admin Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:&{admin [{US North Carolina Hyperledger Fabric }] [18ed2407e2d5] 0xc00037f3c0 <nil> } Type:x509 }
    2021/04/28 08:50:50 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name:admin Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:&{admin [{US North Carolina Hyperledger Fabric }] [18ed2407e2d5] 0xc00037f3c0 <nil> } Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA:<nil> SerialNumber:} ID:{Name: Type:client Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc00037ee00 Debug:true LogLevel:}
    2021/04/28 08:50:50 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc00040c480 PluginOpts:<nil>}
    2021/04/28 08:50:50 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc00018d870 DummyKeystore:<nil> InmemKeystore:<nil>}
    2021/04/28 08:50:50 [INFO] TLS Enabled
    2021/04/28 08:50:50 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
    2021/04/28 08:50:50 [DEBUG] Client Cert File:
    2021/04/28 08:50:50 [DEBUG] Client Key File:
    2021/04/28 08:50:50 [DEBUG] Client TLS certificate and/or key file not provided
    2021/04/28 08:50:50 [DEBUG] GenCSR &{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA:<nil> SerialNumber:}
    2021/04/28 08:50:50 [INFO] generating key: &{A:ecdsa S:256}
    2021/04/28 08:50:50 [DEBUG] generate key from request: algo=ecdsa, size=256
    2021/04/28 08:50:50 [INFO] encoded CSR
    2021/04/28 08:50:50 [DEBUG] Sending request POST https://ca.org1.example.com:7054/enroll {"hosts":["18ed2407e2d5"],"certificate_request":"[PEM CSR omitted]","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}
    2021/04/28 08:50:50 [DEBUG] Received response statusCode=201 (201 Created)
    2021/04/28 08:50:50 [DEBUG] Response body result: map[Cert:[omitted] ServerInfo:map[CAChain:[base64 omitted] CAName:ca.org1.example.com IssuerPublicKey:[base64 omitted] IssuerRevocationPublicKey:[base64 omitted] Version:]]
    2021/04/28 08:50:50 [DEBUG] newEnrollmentResponse admin
    2021/04/28 08:50:50 [INFO] Stored client certificate at /etc/hyperledger/fabric-ca-server/msp/signcerts/cert.pem
    2021/04/28 08:50:50 [INFO] Stored root CA certificate at /etc/hyperledger/fabric-ca-server/msp/cacerts/ca-org1-example-com-7054.pem
    2021/04/28 08:50:50 [INFO] Stored Issuer public key at /etc/hyperledger/fabric-ca-server/msp/IssuerPublicKey
    2021/04/28 08:50:50 [INFO] Stored Issuer revocation public key at /etc/hyperledger/fabric-ca-server/msp/IssuerRevocationPublicKey

    # fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
    $ fabric-ca-client register -d --id.name peer2.org1.example.com --id.secret peer2PW --id.type peer -u https://ca.org1.example.com:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
    # fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
    # fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
    # fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052

Displayed on the terminal after success:

    2021/04/28 08:55:25 [DEBUG] Set log level:
    2021/04/28 08:55:25 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
    2021/04/28 08:55:25 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-client-config.yaml
    2021/04/28 08:55:25 [DEBUG] Checking for enrollment
    2021/04/28 08:55:25 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA:<nil> SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
    2021/04/28 08:55:25 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0003f2300 PluginOpts:<nil>}
    2021/04/28 08:55:25 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc000169050 DummyKeystore:<nil> InmemKeystore:<nil>}
    2021/04/28 08:55:25 [INFO] TLS Enabled
    2021/04/28 08:55:25 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
    2021/04/28 08:55:25 [DEBUG] Client Cert File:
    2021/04/28 08:55:25 [DEBUG] Client Key File:
    2021/04/28 08:55:25 [DEBUG] Client TLS certificate and/or key file not provided
    2021/04/28 08:55:25 [DEBUG] CheckIdemixEnrollment - ipkFile: /etc/hyperledger/fabric-ca-server/msp/IssuerPublicKey, idemixCredFrile: /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig
    2021/04/28 08:55:25 [DEBUG] Client configuration settings: &{URL:https://ca.org1.example.com:7054 MSPDir:/etc/hyperledger/fabric-ca-server/msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA:<nil> SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
    2021/04/28 08:55:25 [DEBUG] Entered runRegister
    2021/04/28 08:55:25 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:/etc/hyperledger/fabric-ca-server/msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA:<nil> SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
    2021/04/28 08:55:25 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0003f2300 PluginOpts:<nil>}
    2021/04/28 08:55:25 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc000169050 DummyKeystore:<nil> InmemKeystore:<nil>}
    2021/04/28 08:55:25 [INFO] TLS Enabled
    2021/04/28 08:55:25 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
    2021/04/28 08:55:25 [DEBUG] Client Cert File:
    2021/04/28 08:55:25 [DEBUG] Client Key File:
    2021/04/28 08:55:25 [DEBUG] Client TLS certificate and/or key file not provided
    2021/04/28 08:55:25 [DEBUG] Loading identity: keyFile=/etc/hyperledger/fabric-ca-server/msp/keystore/key.pem, certFile=/etc/hyperledger/fabric-ca-server/msp/signcerts/cert.pem
    2021/04/28 08:55:25 [DEBUG] No credential found at /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig: open /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig: no such file or directory
    2021/04/28 08:55:25 [DEBUG] No Idemix credential found at /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig
    2021/04/28 08:55:25 [DEBUG] Register { Name:peer2.org1.example.com Type:peer Secret:**** MaxEnrollments:0 Affiliation: Attributes:[] CAName: }
    2021/04/28 08:55:25 [DEBUG] Adding token-based authorization header
    2021/04/28 08:55:25 [DEBUG] Sending request POST https://ca.org1.example.com:7054/register {"id":"peer2.org1.example.com","type":"peer","secret":"peer2PW","affiliation":""}
    2021/04/28 08:55:25 [DEBUG] Received response statusCode=201 (201 Created)
    2021/04/28 08:55:25 [DEBUG] Response body result: map[secret:peer2PW]
    2021/04/28 08:55:25 [DEBUG] The register request completed successfully
    Password: peer2PW
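
The `-d` debug output on this page prints credentials in clear text: the enrollment URL with its password, the `Secret:` field of the identity being registered, and the `secret` in the request and response bodies. The filter below is an added example, not part of the original post or of Fabric CA, that masks those fields before such a log is stored or shared; the function names are made up for this example and the sample lines are constructed by abridging the output above.

```sh
#!/bin/sh
# redact_ca_log: filter stdin to stdout, masking credentials that
# fabric-ca-client prints when run with -d (debug).
redact_ca_log() {
    sed \
        -e 's#\(https\{0,1\}://[^:/@ ]*\):[^@/ ]*@#\1:****@#g' \
        -e 's/Secret:[^ }][^ }]*/Secret:****/g' \
        -e 's/"secret":"[^"]*"/"secret":"****"/g' \
        -e 's/\[secret:[^]]*]/[secret:****]/g' \
        -e 's/^Password: .*$/Password: ****/'
}

# count_leaks: read a log on stdin and print how many lines still carry a
# clear-text credential, i.e. how many lines redact_ca_log would change.
count_leaks() {
    n=0
    while IFS= read -r line; do
        clean=$(printf '%s\n' "$line" | redact_ca_log)
        if [ "$clean" != "$line" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample: abridged copies of the debug lines shown on this page.
sample_log() {
cat <<'EOF'
2021/04/28 08:50:50 [DEBUG] Client configuration settings: &{URL:https://admin:adminpw@ca.org1.example.com:7054 MSPDir:msp Enrollment:{ Name: Secret:**** CAName: } ID:{Name: Type:client Secret: MaxEnrollments:0}}
2021/04/28 08:55:25 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0}}
2021/04/28 08:55:25 [DEBUG] Sending request POST https://ca.org1.example.com:7054/register {"id":"peer2.org1.example.com","type":"peer","secret":"peer2PW","affiliation":""}
2021/04/28 08:55:25 [DEBUG] Response body result: map[secret:peer2PW]
2021/04/28 08:55:25 [INFO] TLS Enabled
Password: peer2PW
EOF
}

# Stand-alone run: show the sample with its credentials masked.
sample_log | redact_ca_log
```

To gate a log before it is archived, pipe it through `count_leaks` and refuse to store it unless the result is 0.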