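fabric-ca-server exposes a set of REST API endpoints for third-party callers. fabric-ca-client wraps these endpoints, so with only a few parameters it can connect to the server to register and authorize accounts, using the following commands:
- enroll: log in to an account
- gencrl: revoke certificates (CRL)
- gencsr: create a certificate signing request
- getcacert: get the CA chain certificate
- reenroll: re-enroll an account
- register: register a new account
- revoke: revoke an account
- version: version information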
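Binding fabric-ca-server to an existing project
fabric-ca is a powerful complement to Fabric's cryptogen module. It plays a very important role in real projects, especially for generating account files dynamically.
- Bind fabric-ca-server to an existing organization
Two files are needed:
(1) The certificate files produced by the generate command of the cryptogen module that created the original certificates (the folder of the corresponding organization)
(2) The ca section of the fabric-ca-server-config.yaml file
Change name, keyfile and certfile in (2) to the values for (1), using absolute paths for the files, and the binding is done.
- Generate an account through the client from the fabric-ca-server that has been bound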
==============fabric-ca-server============
mkdir -p /opt/testfabric/fabric-ca-server
# Initialize in the same home directory that "start" uses below
fabric-ca-server init -H /opt/testfabric/fabric-ca-server -b admin:adminpw
fabric-ca-server start -H /opt/testfabric/fabric-ca-server -b admin:adminpw
==============fabric-ca-client============
mkdir -p /opt/testfabric/fabric-ca-client
export FABRIC_CA_CLIENT_HOME=/opt/testfabric/fabric-ca-client
# Enroll the bootstrap admin, then register and enroll a new user
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -M /opt/testfabric/fabric-ca-client
fabric-ca-client register --id.name usertest02 --id.type user --id.affiliation org1.department1 --id.secret usertest02pw -u http://localhost:7054
fabric-ca-client enroll -u http://usertest02:usertest02pw@localhost:7054 -M /opt/testfabric/fabric-ca-client/user_pw/usertest02/msp
# Add the organization admin's certificate to the new user's MSP
mkdir /opt/testfabric/fabric-ca-client/user_pw/usertest02/msp/admincerts
cp /opt/testfabric/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/Admin@org1.qklszzn.com/msp/signcerts/* /opt/testfabric/fabric-ca-client/user_pw/usertest02/msp/admincerts
# Copy the peer's TLS files; tls/* contains the peer's private key (server.key) as well as ca.crt and server.crt
mkdir /opt/testfabric/fabric-ca-client/user_pw/usertest02/tls
cp /opt/testfabric/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/peers/peer0.org1.qklszzn.com/tls/* /opt/testfabric/fabric-ca-client/user_pw/usertest02/tls
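
For the binding step above (pointing name, keyfile and certfile at the cryptogen output), the following script is an added example, not part of the original page or of the Fabric project. It assumes the usual cryptogen layout, where the organization folder has a ca/ directory holding one `*-cert.pem` certificate and one `*_sk` private key; the function names and the CA name passed in are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): derive the `ca:` section of
# fabric-ca-server-config.yaml from a cryptogen organization directory.

# Print the one regular file in directory $1 whose name matches glob $2.
# Fails on zero or several candidates, so a stale key is never picked silently.
only_one() {
  local matches
  matches=$(find "$1" -maxdepth 1 -type f -name "$2" 2>/dev/null || true)
  if [ -z "$matches" ] || [ "$(printf '%s\n' "$matches" | wc -l)" -ne 1 ]; then
    echo "expected exactly one '$2' in $1" >&2
    return 1
  fi
  printf '%s\n' "$matches"
}

# emit_ca_section ORG_DIR CA_NAME  (both arguments are chosen by the caller)
# Writes the YAML fragment to stdout with absolute paths.
emit_ca_section() {
  local org_dir cert key perms
  org_dir=$(cd "$1" 2>/dev/null && pwd) || { echo "no such directory: $1" >&2; return 1; }
  cert=$(only_one "$org_dir/ca" '*-cert.pem') || return 1
  key=$(only_one "$org_dir/ca" '*_sk') || return 1

  # The CA signing key must not be accessible by group or others.
  perms=$(ls -ld "$key" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "refusing $key: group/other permissions are '$perms' (chmod 600 it)" >&2
    return 1
  fi

  printf 'ca:\n  name: %s\n  keyfile: %s\n  certfile: %s\n' "$2" "$key" "$cert"
}

# Stand-alone use: <script> <organization directory> <CA name>
if [ "$#" -eq 2 ]; then
  emit_ca_section "$1" "$2"
fi
```

The printed fragment replaces the name, keyfile and certfile entries of the ca section in fabric-ca-server-config.yaml before the server is started.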