fabric-ca服务搭建

最新推荐文章于 2023-03-01 21:43:53 发布
最新推荐文章于 2023-03-01 21:43:53 发布
阅读量1.1k 收藏 10
点赞数 1
分类专栏: 区块链 # fabric
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ory001/article/details/108378217
版权

fabric-ca服务搭建

文章目录

一、Fabric CA概述

fabric-ca

Fabric Server端由一个服务器集群组成,以树形架构组织CA Server节点,包含一个Root 节点和多个中间节点。每个CA要么是根CA,要么是中间CA。每个中间CA都有一个父CA,它要么是根CA,要么是另一个中间CA。

可以通过Client或SDK与服务器集群中的CA服务器进行交互。客户端首先路由到HA代理,由代理进行负载均衡,将客户端连接至某一服务器的集群成员。

包括前端的一个高可用的代理服务器,连接着若干个CA Server集群,这些集群将数据共同存放在同一个数据服务器上。数据库可能是MySQL、LDAP、PostgresSQL或者SQLite(集群环境中不推荐使用SQLite)。

集群中的所有CA服务器都共享相同的数据库,以跟踪身份和证书。如果配置了LDAP,则将标识信息保存在LDAP中而不是数据库中。

Fabric CA再Fabric网络中主要起到提供安全证书以及通道加密的作用。

二、基础环境搭建

docker环境搭建

防火墙设置

firewall-cmd --zone=public --add-port=7054/tcp  --permanent
firewall-cmd --reload

三、fabric-ca服务搭建

1.ca_orderer
vim docker-ca-orderer.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

networks:
  ca:
services:
  ca_orderer:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-orderer
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-orderer
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.orderer.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server
    container_name: ca_orderer
    networks:
      - ca

说明:FABRIC_CA_SERVER_CSR_HOSTS后的ca.orderer.example.com需要对应本机ip地址配置到DNS服务器

docker-compose -f docker-ca-orderer.yaml up

目录结构

[root@chain4 fabric-ca]# pwd
/opt/gopath/src/github.com/hyperledger/fabric-ca

[root@chain4 fabric-ca]# tree ordererOrg/
ordererOrg/
├── ca-cert.pem
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── msp
│   ├── cacerts
│   ├── keystore
│   │   ├── 2a908549620d44aee2d800e3b2ffa803cf2748b4825b1ff36f2e140f29c74d16_sk
│   │   ├── 9ac46a1d71b16f2e646bd58d3d97cab3da3501af07668c2c44c3974efd355b33_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts
│   └── user
└── tls-cert.pem

5 directories, 10 files
2.ca_org1
vim docker-ca-org1.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

networks:
  ca:

services:
  ca_org1:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.org1.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/org1:/etc/hyperledger/fabric-ca-server
    container_name: ca_org1
    networks:
      - ca

说明:FABRIC_CA_SERVER_CSR_HOSTS后的ca.org1.example.com需要对应本机ip地址配置到DNS服务器

docker-compose -f docker-ca-org1.yaml up
3.ca_org2
vim docker-ca-org2.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

networks:
  ca:

services:
  ca_org2:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org2
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-org2
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.org2.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/org2:/etc/hyperledger/fabric-ca-server
    container_name: ca_org2
    networks:
      - ca

说明:FABRIC_CA_SERVER_CSR_HOSTS后的ca.org2.example.com需要对应本机ip地址配置到DNS服务器

docker-compose -f docker-ca-org2.yaml up

四、证书生成

首先需要将上面三个机器启动时生成的文件夹orderOrg、org1、org2放到同一台机器上,因为这些都是证书签发所需要的验证文件。

参照官方案例test-network,根据实际需求定制shell脚本

cd $FABRIC/scripts/fabric-samples/test-network/organizations/fabric-ca
cat registerEnroll.sh
cd $FABRIC/scripts/fabric-samples/test-network/addOrg3/fabric-ca
cat registerEnroll.sh

TODO 参照addOrg3目录下的脚本,编写可动态传参的shell脚本。

cd /opt/gopath/src/github.com/hyperledger/fabric-ca
vim register.sh

function createOrg1 {

  echo
   echo "Enroll the CA admin"
  echo
   mkdir -p organizations/peerOrganizations/org1.example.com/

   export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.org1.example.com:7054 --caname ca-org1 --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml

  echo
   echo "Register peer0"
  echo
  set -x
   fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

   mkdir -p organizations/peerOrganizations/org1.example.com/peers
  mkdir -p organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
   fabric-ca-client enroll -u https://peer0:peer0pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x


  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org1.example.com/users
  mkdir -p organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com

  echo
  echo "## Generate the user msp"
  echo
  set -x
   fabric-ca-client enroll -u https://user1:user1pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml

  mkdir -p organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
   fabric-ca-client enroll -u https://org1admin:org1adminpw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml

}


function createOrg2 {

  echo
   echo "Enroll the CA admin"
  echo
   mkdir -p organizations/peerOrganizations/org2.example.com/

   export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.org2.example.com:7054 --caname ca-org2 --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml

  echo
   echo "Register peer0"
  echo
  set -x
   fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

   mkdir -p organizations/peerOrganizations/org2.example.com/peers
  mkdir -p organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
   fabric-ca-client enroll -u https://peer0:peer0pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp --csr.hosts peer0.org2.example.com --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x


  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org2.example.com/users
  mkdir -p organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com

  echo
  echo "## Generate the user msp"
  echo
  set -x
   fabric-ca-client enroll -u https://user1:user1pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml

  mkdir -p organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
   fabric-ca-client enroll -u https://org2admin:org2adminpw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml

}

function createOrderer {

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/ordererOrganizations/example.com

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.orderer.example.com:7054 --caname ca-orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml


  echo
  echo "Register orderer"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client register --caname ca-orderer --id.name orderer1 --id.secret orderer1pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client register --caname ca-orderer --id.name orderer2 --id.secret orderer2pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem

    set +x

  echo
  echo "Register the orderer admin"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  mkdir -p organizations/ordererOrganizations/example.com/orderers
  mkdir -p organizations/ordererOrganizations/example.com/orderers/example.com

  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer0.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer1.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer2.example.com

  echo
  echo "## Generate the orderer msp"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer0:orderer0pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp --csr.hosts orderer0.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer1:orderer1pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp --csr.hosts orderer1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer2:orderer2pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem

  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/config.yaml


  echo
  echo "## Generate the orderer-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer0:orderer0pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls --enrollment.profile tls --csr.hosts orderer0.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer1:orderer1pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls --enrollment.profile tls --csr.hosts orderer1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer2:orderer2pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls --enrollment.profile tls --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
 mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
 mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir -p organizations/ordererOrganizations/example.com/users
  mkdir -p organizations/ordererOrganizations/example.com/users/Admin@example.com

  echo
  echo "## Generate the admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml
}
createOrg1
createOrg2
createOrderer

注意:上面脚本中的文件都指定为相对路径,需要根据实际情况调整为自己需要的路径;生成的organizations文件夹需要分发到每个orderer节点和peer节点的工作目录下。

搬山境KL攻城狮
关注
专栏目录
fabric-ca 搭建sdk使用
个人主页 animeirl.top
11-06 193
hyperledger fabric-ca的使用,sdk的使用
Hyperledger Fabric手动生成CA证书搭建Fabric网络-Raft.pdf
07-29
模拟线上环境, 搭建Fabirc网络,使用Fabric2.0 , TLS手动生成证书, Raft共识协议
fabric-ca 部署环境
xxzjwdnlwx的专栏
06-20 2420
fabric 中证书的生成可以采用官方提供的工具cryptogen命令生成,一种是通过fabric-ca服务生成。准备:fabric 环境中有一个order,两个org,每个org 中有两个peer(同fabric exmaples/e2e-cli)开启fabric-ca编译fabric-ca$ go get -u github.com/hyperledger/fabric-ca $ cd $GO...
Fabric-CA1.0模块的搭建与使用
馒 的技术空间
12-18 382
最近在看CA的内容,这个文章感觉不错,转过来。 https://gitee.com/mimori1994/FabricJavaSDKExamples/blob/master/doc/1.2.Fabric-CA1.0%E6%A8%A1%E5%9D%97%E7%9A%84%E6%90%AD%E5%BB%BA%E4%B8%8E%E4%BD%BF%E7%94%A8.md# 本篇主要介绍`Fabric-CA`模块的搭建与使用,本篇使用的版本是`Fabric-CA1.0.6`版本,由于官方的项目还处在不断的快速迭代
hyperledger-fabric第五天 -Fabric-CA和多机多节点部署
fegus的博客
04-23 1001
1. Fabric梳理 1.1 fabric网络的搭建过程 生成节点证书 # 1. 编写组织信息的配置文件, 该文件中声明每个组织有多少个节点, 多少用户 # 在这个配置文件中声明了每个节点访问的地址(域名) # 一般命名为crypto-config.yaml $ cryptogen generate --config=xxx.yaml 生成创始块文件和通道文件 编写配置文件 - configtx.yaml 配置组织信息 name ID msp anchor peer
fabric-ca 部署
纵横四海的博客
04-01 2201
fabric-ca是hyperledger的一个开源项目,基本架构就不多说,本文主要是讲述部署方式 1.环境准备: 系统版本信息 [root@k8s01 server]# uname -a Linux k8s01 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Lin...
hyperledger-fabric-ca-windows-amd64-1.4.7.tar.gz
07-07
总之,`hyperledger-fabric-ca-windows-amd64-1.4.7.tar.gz`是搭建Hyperledger Fabric 1.4网络中不可或缺的组件,它提供的CA服务对于保障网络的安全运行至关重要。理解并正确使用CA服务,是成功部署和管理Fabric网络...
hyperledger-fabric-ca-linux-amd64-1.4.6.tar.gz
03-16
该工具为fabric2.0 环境搭建过程中的二进制文件。 官方下载地址为: https://github.com/hyperledger/fabric-ca/releases/download/v1.4.6/hyperledger-fabric-ca-linux-amd64-1.4.6.tar.gz 不过官方下载速度较慢...
hyperledger-fabric-ca-darwin-amd64-1.4.0.tar.gz
03-04
在本文中,我们将详细讲解如何在 macOS 系统(Darwin 平台)上,利用提供的 "hyperledger-fabric-ca-darwin-amd64-1.4.0.tar.gz" 压缩包,进行 Hyperledger Fabric 1.4 的环境搭建。 一、下载与解压 首先,我们...
hyperledger-fabric-ca-darwin-amd64-1.4.3.tar.gz
12-06
hyperledger-fabric-ca-darwin-amd64-1.4.3.tar hyperledger-fabric 私有链搭建,必备的工具包。在执行sh bootstrap.sh 会用到。但由于国内网络环境,下载起来特别慢,导致sh bootstrap.sh 执行失败。 使用方法,...
Hyperledger Fabric 超级账本 CA搭建使用
littleshenyue的博客
04-06 457
Fabric CA User’s Guide 开始 安装 go get -u github.com/hyperledger/fabric-ca/cmd/... 本地开启CA服务fabric-ca-server start -b admin:adminpw 创建了一个fabric-ca-server-config.yaml,这个文件用于配置 使用docker开启,创建docker-compose.yml fabric-ca-server: image: hyperledger/fabric-ca:
启动带Fabric-CA服务网络
水上铁的专栏
05-23 437
这部分在第二章入门-运行第一个测试网络中有详细讲解,这里简单温习一下 # 定位到test-network目录 cd $GOPATH/src/github.com/hyperledger/fabric-samples/test-network # 先删除之前的网络信息 ./network.sh down # 启动网络 ./network.sh up # 创建通道 ./network.sh createChannel # 部署Fabcar链码,这次部署的是js版本的合约 ./net..
Fabric2.3分布式部署(fabric-ca)
大伟的博客
03-30 6550
1、前提 生成一下文件,可以把单机启动后的文件全部赋值过来。 创建组织及证书 和 Fabric CA 配置3台服务器 IP 节点名称 192.168.31.8 orderer.example.com 192.168.31.70 peer0.org1.example.com 192.168.31.11 peer0.org2.example.com 在3台主机修改hosts文件 vim /etc/hosts 2、配置docker文件 编写创..
fabric服务发现
weixin_44267448的博客
08-15 240
./discover peers --userKey=crypto/peerOrganizations/org1.3hmis.com/users/Admin@org1.3hmis.com/msp/keystore/8c0375c37193953f86b216df3f270707273f2ad0ec826d94025c6ca6b2b959ba_sk --userCert=crypto/peerOrganizations/org1.3hmis.com/users/Admin@org1.3hmis.com/msp
Fabric-CA服务配置教程
水上铁的专栏
05-25 757
初始化服务端 启动服务配置数据库 配置LDAP 设置集群 设置多个CA 注册中间CA 升级服务服务端运维 本文由小韦云原创,转载请注明出处:https://www.bctos.cn/doc/4/1838,否则追究其法律责任 ...
Hyperledger Fabric 2.2.5_CA方式_搭建生产网络
屋卢狸卡
10-08 654
CA服务搭建Fabric生产网络
Hyperledger Fabric 1.0 快速搭建 -------- 多机部署 Fabric CA节点服务
09-30 2775
前言 在这里我推荐两位大神的博客,可以参考或者直接跟着这两位大神学习,我是阅读这两位大神的博客和《深度探索区块链Hyperledger技术与应用》一书部署的 《深度探索区块链Hyperledger技术与应用》作者:张增骏、董宁、朱轩彤、陈剑雄  著。 深蓝大大:https://www.cnblogs.com/studyzy/category/1024666.html Aberic大神:ht...
Fabric CA 官方用户指南(中文版)
热门推荐
一颗贪婪的星
05-20 2万+
目录 一、Fabric CA概述 ​二、开始使用 (一)先决条件 (二)安装Fabric-ca (三)启动服务方式 三、Fabric CA Server (一)初始化Server (二)启动Server (三)配置数据库 1. PostgreSQL 2. MySQL (四)配置LDAP (五)配置多个CAs 四、Fabric CA Client (一)登记引导身份 ...
Fabric学习九)部署Fabric CA以及出现问题的相关记录
Wannabe_hacker的博客
03-01 1299
本实验将继续采用从我之前的FabricCA单机多节点为目标构建,在学习七中我使用三个orderer节点,两个组织以及组织下各有两个peer节点组成网络。所以在容器配置中我们会设定一个tlsCA和一个orderer的CA(我这里设置为组织0),以及两个普通组织(内有peer节点)的CA,共四个CA
hyperledger-fabric-linux-amd64-2.2.0.tar.gz
最新发布
06-25
用户可以通过下载该软件包并按照相关文档进行安装和部署来使用Hyperledger Fabric平台搭建自己的区块链网络。 Hyperledger Fabric平台是一个开放且可扩展的企业级区块链解决方案,它提供了高度灵活的合约机制和身份...
评论 6
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

搬山境KL攻城狮

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值