Fabric CA 配置与应用
通过命令行安装faric-ca,下载源码并编译:
go get -u github.com/hyperledger/fabric-ca/cmd/fabric-ca-server
go get -u github.com/hyperledger/fabric-ca/cmd/fabric-ca-clientgo get命令会自动获取源码并编译至$GOPATH/bin,我的目录是~/go/bin,目录下出现编译好的二进制可执行文件fabric-ca-server和fabric-ca-client
2、配置环境变量
$ export PATH=/opt/gopath/bin:$PATH
$ source /etc/profile接着进入bin目录对CA服务端进行初始化:
fabric-ca-server init -b admin:adminpw 初始化后在目录下生成
- msp :包含keystore,CA服务器的私钥
- ca-cert.pem :CA服务端的证书
- fabric-ca-server.db :CA默认使用的嵌入型数据库 SQLite
- fabric-ca-server-config.yaml :CA服务端的配置文件
接着启动CA服务器
fabric-ca-server start -b admin:adminpwCA server开始监听,默认监听地址为http://0.0.0.0:7054。如果直接执行start命令则会自动先进行初始化init然后启动服务开始监听。配置环境变量:
export FABRIC_CA_CLIENT_HOME=$HOME/svr/client根据用户名、密码登记(enroll)admin用户,登记完成后,admin用户才可以登记(enroll)user
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054[yzapps@00VMDL-FabricCa-172-19-101-64 client]$fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
2019/03/23 15:33:26 [INFO] Created a default configuration file at /home/yzapps/svr/client/fabric-ca-client-config.yaml
2019/03/23 15:33:26 [INFO] generating key: &{A:ecdsa S:256}
2019/03/23 15:33:26 [INFO] encoded CSR
2019/03/23 15:33:26 [INFO] Stored client certificate at /home/yzapps/svr/client/msp/signcerts/cert.pem
2019/03/23 15:33:26 [INFO] Stored root CA certificate at /home/yzapps/svr/client/msp/cacerts/localhost-7054.pem
2019/03/23 15:33:26 [INFO] Stored Issuer public key at /home/yzapps/svr/client/msp/IssuerPublicKey
2019/03/23 15:33:26 [INFO] Stored Issuer revocation public key at /home/yzapps/svr/client/msp/IssuerRevocationPublicKey执行命令后,会在指定的目录 $FABRIC_CA_CLIENT_HOME 下fabric-ca-client-config.yaml文件和msp目录。包含管理员的证书和私钥。
有了已经enroll成功的admin用户,接下来将admin作为登记员(Registrar)来登记(register)一个新用户(User)。
fabric-ca-client register --id.name Jim --id.type user --id.affiliation org1.department1 --id.attrs 'hf.Revoker=true,foo=bar'登记后的用户身份可以采用如下命令来注册一个新的用户Jim:
[yzapps@00VMTL-FabricPeer-172-19-102-61 svr]$ fabric-ca-client register --id.name Jim --id.type user --id.affiliation org1.department1 --id.attrs 'hf.Revoker=true,foo=bar'
2019/03/23 16:05:33 [INFO] Configuration file location: /home/yzapps/svr/client/fabric-ca-client-config.yaml
Password: BXcamKtRAiCV客户端可以接收到一个密码(BXcamKtRAiCV),用这个注册密码来注册(enroll)用户:
fabric-ca-client enroll -u http://Jim:BXcamKtRAiCV@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/Jim这样一个新用户就注册成功了,获取了属于自己的证书和私钥。