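Prerequisites
- Ubuntu 18.04
- fabric-ca-server 1.4.6
Installation
- Install from source
- Install from binaries
I used the binaries directly, which is more convenient.
Download link for hyperledger-fabric-ca-linux-amd64-1.4.6.tar.gz
After downloading, you get: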
bin/
├── fabric-ca-client
└── fabric-ca-server
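Add these two executables to the PATH environment variable.
Setting the fabric-ca-server home directory
1. Set it with the --home option.
2. If the FABRIC_CA_SERVER_HOME environment variable is set, it is used as the home directory.
3. If the FABRIC_CA_HOME environment variable is set, it is used as the home directory.
4. If the CA_CFG_PATH environment variable is set, it is used as the home directory.
If none of the above is set, the current working directory is used as the home directory.
Starting fabric-ca-server
Run it directly: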
fabric-ca-server start -b admin:adminpw --tls.enabled
Because of a TLS certificate issue, run the following command instead:
fabric-ca-server start -b admin:adminpw --tls.enabled --csr.hosts 192.168.128.129
It prints the following log.
2020/04/27 01:51:57 [INFO] Created default configuration file at /home/t/ca02_demo/fabric-ca-server-config.yaml
2020/04/27 01:51:57 [INFO] Starting server in home directory: /home/t/ca02_demo
2020/04/27 01:51:57 [INFO] Server Version: 1.4.6
2020/04/27 01:51:57 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2020/04/27 01:51:57 [WARNING] &{69 The specified CA certificate file /home/t/ca02_demo/ca-cert.pem does not exist}
2020/04/27 01:51:57 [INFO] generating key: &{A:ecdsa S:256}
2020/04/27 01:51:57 [INFO] encoded CSR
2020/04/27 01:51:57 [INFO] signed certificate with serial number 596481663851329572374858418792394216370550593268
2020/04/27 01:51:57 [INFO] The CA key and certificate were generated for CA
2020/04/27 01:51:57 [INFO] The key was stored by BCCSP provider 'SW'
2020/04/27 01:51:57 [INFO] The certificate is at: /home/t/ca02_demo/ca-cert.pem
2020/04/27 01:51:58 [INFO] Initialized sqlite3 database at /home/t/ca02_demo/fabric-ca-server.db
2020/04/27 01:51:58 [INFO] The issuer key was successfully stored. The public key is at: /home/t/ca02_demo/IssuerPublicKey, secret key is at: /home/t/ca02_demo/msp/keystore/IssuerSecretKey
2020/04/27 01:51:58 [INFO] Idemix issuer revocation public and secret keys were generated for CA ''
2020/04/27 01:51:58 [INFO] The revocation key was successfully stored. The public key is at: /home/t/ca02_demo/IssuerRevocationPublicKey, private key is at: /home/t/ca02_demo/msp/keystore/IssuerRevocationPrivateKey
2020/04/27 01:51:58 [INFO] Home directory for default CA: /home/t/ca02_demo
2020/04/27 01:51:58 [INFO] Operation Server Listening on 127.0.0.1:9443
2020/04/27 01:51:58 [INFO] generating key: &{A:ecdsa S:256}
2020/04/27 01:51:58 [INFO] encoded CSR
2020/04/27 01:51:58 [INFO] signed certificate with serial number 329534585106560547893187291685042549776140207184
2020/04/27 01:51:58 [INFO] Listening on https://0.0.0.0:7054
I enabled TLS, and the HTTPS service has started.
It seems that older versions require running this initialization command.
fabric-ca-server init -b admin:adminpw
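Resulting directory structure
├── ca-cert.pem CA root certificate
├── fabric-ca-server-config.yaml Automatically generated configuration file
├── fabric-ca-server.db Stores the CA server's usernames and passwords. Uses sqlite3 by default; the admin/adminpw from above is stored here
├── IssuerPublicKey Zero-knowledge proof file; not sure what it is used for
├── IssuerRevocationPublicKey Zero-knowledge proof file; not sure what it is used for
├── msp
│ ├── cacerts
│ ├── keystore Private keys are stored here; not used for now. One belongs to the root certificate, and the other should be for tls-cert.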
│ │ ├── 251d980426e6406042f82553d123dd640ac3b63faaba490430eb73b8f023d840_sk
│ │ ├── fabeb56f55f65503c1ec6e91c8163b29607a51d710c5afb65dd62efd93918455_sk
│ │ ├── IssuerRevocationPrivateKey
│ │ └── IssuerSecretKey
│ ├── signcerts
│ └── user
└── tls-cert.pem Root certificate for TLS-encrypted communication. Not generated without --tls.enabled.
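The home-directory rules and the msp/keystore layout shown above, combined into an added shell example (not from the original post or the Fabric CA project) that finds the home the server would use and lists private-key files that group or other users can access. The function names resolve_ca_home and loose_ca_keys are hypothetical, and the example assumes the four rules are tried in the order listed.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of fabric-ca.

# resolve_ca_home [--home DIR]
# Prints the directory fabric-ca-server would use as its home, assuming the
# rules are tried in the listed order: --home, FABRIC_CA_SERVER_HOME,
# FABRIC_CA_HOME, CA_CFG_PATH, then the current working directory.
resolve_ca_home() {
    if [ "${1:-}" = "--home" ] && [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    elif [ -n "${FABRIC_CA_SERVER_HOME:-}" ]; then
        printf '%s\n' "$FABRIC_CA_SERVER_HOME"
    elif [ -n "${FABRIC_CA_HOME:-}" ]; then
        printf '%s\n' "$FABRIC_CA_HOME"
    elif [ -n "${CA_CFG_PATH:-}" ]; then
        printf '%s\n' "$CA_CFG_PATH"
    else
        pwd
    fi
}

# loose_ca_keys HOME
# Prints every file under HOME/msp/keystore that has any group/other
# permission bit set (the *_sk files, IssuerSecretKey and
# IssuerRevocationPrivateKey are all private key material).
# Returns 0 if none, 1 if at least one is too permissive, 2 if no keystore.
loose_ca_keys() {
    ks="$1/msp/keystore"
    [ -d "$ks" ] || { echo "no keystore at $ks" >&2; return 2; }
    found=$(find "$ks" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                                  -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Usage (run from the shell that starts the server):
#   home=$(resolve_ca_home "$@")
#   loose_ca_keys "$home" || echo "restrict the files above, e.g. chmod 600"
```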
SDK code
Main code.
// Set the CA TLS root certificate; the CA server must be started with --tls.enabled.
Properties properties = new Properties();