证书要求:
1.数字证书的格式遵循X.509标准
2.版本V3
3.签名算法sha256ECDSA
FABRIC-JAVA-SDK中使用到的CA:
./e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/users/
[email protected]/msp/signcerts
./e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/users/
[email protected]/msp/keystore
docker-compose.yaml配置文件中用到的CA:
1、Orderer节点
./e2e-2Orgs/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp(文件夹下所有)
./e2e-2Orgs/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls(文件夹下所有)
2、CA节点
./e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/ca/(文件夹下所有)
3、PEER节点
./e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp(文件夹下所有)
./e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls(文件夹下所有)
PEER配置文件需要替换的证书:
PEER的CA根证书
.pem格式替换crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/ca.org1.example.com-cert.pem
crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/ca.org1.example.com-cert.pem
crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CA根证书的私钥
.pem格式替换crypto-config/peerOrganizations/org1.example.com/ca/fcf776b02a05600408d0be9d9752afc59f64950b721cacb363b5b95a0fea6216_sk
PEER的CA根证书生成3套子证书
第一套的证书用来替换crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/signcerts/peer.org1.example.com-cert.pem
第一套的私钥用来替换crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/keystore/46c70c47d10e70d2a8a4711eb3b766d3621927ad045691dcd258fa9e93bc2c2c_sk
第二套的证书用来替换crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/admincerts/
[email protected]
crypto-config/peerOrganizations/org1.example.com/users/
[email protected]/msp/signcerts/
[email protected]
第二套的私钥用来替换crypto-config/peerOrganizations/org1.example.com/users/
[email protected]/msp/keystore/6b32e59640c594cf633ad8c64b5958ef7e5ba2a205cfeefd44a9e982ce624d93_sk
第三套的证书用来替换crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
第三套的私钥用来替换crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
ORDERER配置文件需要替换的证书:
ORDERER的CA根证书(注意ORDERER的根证书与PEER的根证书是平级的)
.pem格式替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/ca.example.com-cert.pem
crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
ORDERER的CA根证书生成3套子证书
第一套的证书用来替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem
第一套的私钥用来替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/keystore/30652478a0678558e8573fa33246175b33997226b63fa40503290187e0f99144_sk
第二套的证书用来替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/admincerts/
[email protected]
第三套的证书用来替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
第三套的私钥用来替换crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key