title: fabric-ca explained
date: 2021-04-15 14:30:23
categories:
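MSP (Membership Service Provider) is the Hyperledger Fabric component that manages and verifies the identities of the members that make up a network.
Its roles:
- Manage user IDs
- Authenticate nodes that want to join the network
- Provide credentials for transactions submitted by clients
MSPs in Hyperledger Fabric are classified by level as follows:
- Network MSP: manages the members of the whole Hyperledger Fabric network; it defines the MSPs of the participating organizations and which of their members are authorized to perform administrative tasks (such as creating a channel).
- Channel MSP: manages the members of one channel. A channel provides private communication among a particular set of organizations; the channel policies defined in the context of that channel's MSP determine who may take part in certain actions on the channel (such as adding an organization or instantiating chaincode).
- Peer MSP: every peer node has its own MSP instance, which performs exactly the same function as a channel MSP, with the restriction that it applies only to the peer on which it is defined.
- Orderer MSP: like a Peer MSP, an orderer node's local MSP is defined on that node's file system and applies only to that orderer node.
- User MSP: each organization can have many different users; they are all defined on the file system of its Organization node and apply only to the Peer node on which they are defined.
In Hyperledger Fabric, secure communication between network participants relies on the PKI (Public Key Infrastructure) standard, which ensures that messages published on the blockchain are properly authenticated.
PKI is only an architecture, responsible for generating and issuing certificates. In Hyperledger Fabric, the default MSP uses X.509-compliant certificates as identities and follows the traditional hierarchical PKI model.
The four key elements of PKI:
- Digital certificates: the most common type is a certificate that complies with the X.509 standard.
- Public and private keys:
- Certificate authorities: certificates are digitally signed by a CA, which is the basis for giving an organization's participants verifiable digital identities.
- Certificate revocation lists: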
MSP
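- RCA (root CA): this folder contains a list of the root CAs' self-signed X.509 certificates, used for self-signing and for signing intermediate CA certificates.
- ICA (intermediate CA): contains a list of certificates issued by the root CA.
- OU (organizational units): these are listed in the $FABRIC_CFG_PATH/msp/config.yaml file, which contains a list of organizational units whose members are considered part of the organization this MSP represents.
- B (administrators): this folder contains a list of identities that define the actors who hold the administrator role for this organization.
- ReCA (revoked certificates): holds information about participants whose identities have been revoked.
- SCA (signing certificate): the signing certificate an endorsing peer uses in its transaction proposal responses.
- KeyStore (private key):
- TLS RCA (TLS root CA)
- TLS ICA (TLS intermediate CA)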
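The fabric-ca project is an open-source project started specifically to solve Fabric's account problem, and it solves account generation very well. The fabric-ca project consists of two modules, fabric-server and fabric-client, of which fabric-server plays a very important role in Fabric. The cryptogen command can generate account material from a configuration file, but it cannot satisfy a requirement to add accounts dynamically, which is when fabric-ca should be brought into the project.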
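In the figure above, Fabric CA offers two ways to call the Server service:
- Through Fabric-Client
- Through an SDK (Node.js, Java, Go)
Normally each organization has one fabric-server server:
- Deploy a fabric-ca server in every organization to register new users for that organization.
- A Hyperledger Fabric CA client or SDK can connect to a cluster of Hyperledger Fabric CA servers, with load balancing provided by HA Proxy or similar.
- A server may contain several CAs; each CA is either a root CA or an intermediate CA, and every intermediate CA has a parent CA.
Determine the home directory of the Hyperledger Fabric CA server
Initialize Hyperledger Fabric CA
fabric-ca-server init -b admin:pass   # initialization command
Running the command generates the following files:
Quick-start the CA
fabric-ca-server start -b admin:pass   # if the server has not been initialized, startup initializes it automatically
All of these commands operate through the server's RESTful interface:
- enroll: enroll and obtain an ECert
- register: register a user
- getcainfo: get the CA service's certificate chain
- reenroll: re-enroll
- revoke: revoke an issued certificate identity
- version: Hyperledger Fabric CA client version information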
ca.org1.example.com:   # server name
  image: hyperledger/fabric-ca:1.4.9   # fabric-ca image
  container_name: ca.org1.example.com
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server   # home directory inside the fabric-ca container
    - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com   # server name, chosen by you
    - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem   # identifies which organization this fabric-ca belongs to
    - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk   # private key
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem   # overrides the cert.pem setting in the configuration file
    - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
  ports:
    - 7054:7054   # port the fabric-ca server is bound to
  command: sh -c 'fabric-ca-server start -b admin:adminpw -d'   # -b username:password
  volumes:
    - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
  networks:
    - test
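The service definition above points the TLS key file at the same `priv_sk` as the CA signing key, passes the bootstrap `admin:adminpw` on the command line and starts the server with `-d`. The following is an added example, not code from the original post or the fabric-ca project, that lints a compose file for those settings; the function names and finding labels are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): lint a fabric-ca compose service
# read from stdin. Finding names are hypothetical; the sample is constructed.

env_value() {  # print the first value of environment entry $1
  sed -n "s/.*$1=\([^ ]*\).*/\1/p" | head -n 1
}

lint_fabric_ca_compose() {
  cfg=$(cat)
  ca_key=$(printf '%s\n' "$cfg" | env_value FABRIC_CA_SERVER_CA_KEYFILE)
  tls_key=$(printf '%s\n' "$cfg" | env_value FABRIC_CA_SERVER_TLS_KEYFILE)
  cmd=$(printf '%s\n' "$cfg" | grep -E 'fabric-ca-server +(start|init)' || true)

  # The CA signing key should not double as the TLS server key.
  if [ -n "$ca_key" ] && [ "$ca_key" = "$tls_key" ]; then
    echo "TLS_KEY_REUSES_CA_KEY $tls_key"
  fi
  # A literal -b user:pass is readable in the compose file and docker inspect.
  if printf '%s\n' "$cmd" | grep -Eq -- ' -b +[^ :]+:[^ ]+'; then
    echo "BOOTSTRAP_SECRET_IN_COMMAND"
  fi
  # -d / --debug enables debug-level logging.
  if printf '%s\n' "$cmd" | grep -Eq -- " (-d|--debug)( |'|\"|\$)"; then
    echo "DEBUG_LOGGING_ENABLED"
  fi
  if ! printf '%s\n' "$cfg" | grep -q 'FABRIC_CA_SERVER_TLS_ENABLED=true'; then
    echo "TLS_DISABLED"
  fi
}

sample_compose() {  # constructed input mirroring the service definition above
  cat <<'EOF'
ca.org1.example.com:
  environment:
    - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
  command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
EOF
}

# Run with --demo to print the findings for the sample.
if [ "${1:-}" = "--demo" ]; then sample_compose | lint_fabric_ca_compose; fi
```

To check a real file, pipe it in: `lint_fabric_ca_compose < docker-compose.yaml`.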
fabric-ca-client enroll -u https://admin:[email protected]:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
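Neither of these two steps is needed, because they were already done when the ca.org1.example.com container was started:
ports:
  - 7054:7054   # port the fabric-ca server is bound to
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'   # -b username:password
volumes:
Remember this password.
I used the defaults and will learn the other options when I need them, so this part can be skipped as well.
This part can also be left alone for now; it has not been used yet.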
$ docker exec -it ca.org1.example.com bash   # enter the container's terminal
$ export PATH=$PATH:$GOPATH/bin
$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
$ fabric-ca-client enroll -u https://admin:[email protected]:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
On success the following output appears (if it fails, troubleshoot it yourself):
2021/04/17 09:44:54 [INFO] Created a default configuration file at /root/fabric-ca/clients/admin/fabric-ca-client-config.yaml
2021/04/17 09:44:54 [INFO] TLS Enabled
2021/04/17 09:44:54 [INFO] generating key: &{A:ecdsa S:256}
2021/04/17 09:44:54 [INFO] encoded CSR
2021/04/17 09:44:54 [INFO] Stored client certificate at /root/fabric-ca/clients/admin/msp/signcerts/cert.pem
2021/04/17 09:44:54 [INFO] Stored root CA certificate at /root/fabric-ca/clients/admin/msp/cacerts/ca-org1-example-com-7054.pem
2021/04/17 09:44:54 [INFO] Stored Issuer public key at /root/fabric-ca/clients/admin/msp/IssuerPublicKey
2021/04/17 09:44:54 [INFO] Stored Issuer revocation public key at /root/fabric-ca/clients/admin/msp/IssuerRevocationPublicKey
Not used for now; to be added later.
$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
$ fabric-ca-client register --id.name peer1.org1.example.com --id.type peer --id.affiliation org1.department1 --id.secret peer1pw --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
On success, the output is:
2021/04/17 09:53:56 [INFO] Configuration file location: /root/fabric-ca/clients/admin/fabric-ca-client-config.yaml
2021/04/17 09:53:56 [INFO] TLS Enabled
2021/04/17 09:53:56 [INFO] TLS Enabled
Password: peer2pw
$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1.org1.example.com
$ fabric-ca-client enroll -u https://peer1.org1.example.com:[email protected]:7054 -M $FABRIC_CA_CLIENT_HOME/msp --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
On success:
2021/04/17 09:59:05 [INFO] TLS Enabled
2021/04/17 09:59:05 [INFO] generating key: &{A:ecdsa S:256}
2021/04/17 09:59:05 [INFO] encoded CSR
2021/04/17 09:59:05 [INFO] Stored client certificate at /root/fabric-ca/clients/peer2.org1.example.com/msp/signcerts/cert.pem
2021/04/17 09:59:05 [INFO] Stored root CA certificate at /root/fabric-ca/clients/peer2.org1.example.com/msp/cacerts/ca-org1-example-com-7054.pem
2021/04/17 09:59:05 [INFO] Stored Issuer public key at /root/fabric-ca/clients/peer2.org1.example.com/msp/IssuerPublicKey
2021/04/17 09:59:05 [INFO] Stored Issuer revocation public key at /root/fabric-ca/clients/peer2.org1.example.com/msp/IssuerRevocationPublicKey
$ docker exec -it ca.org1.example.com bash   # enter the container's terminal
$ export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
$ export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/tls-ca/admin
$ fabric-ca-client enroll -d -u https://admin:[email protected]:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
On success the terminal shows:
2021/04/28 08:50:50 [DEBUG] Set log level:
2021/04/28 08:50:50 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/04/28 08:50:50 [INFO] Created a default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-client-config.yaml
2021/04/28 08:50:50 [DEBUG] Client configuration settings: &{URL:https://admin:[email protected]:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR: Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA: SerialNumber:} ID:{Name: Type:client Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc00037ee00 Debug:true LogLevel:}
2021/04/28 08:50:50 [DEBUG] Entered runEnroll
2021/04/28 08:50:50 [DEBUG] Enrolling { Name:admin Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:&{admin [{US North Carolina Hyperledger Fabric }] [18ed2407e2d5] 0xc00037f3c0 } Type:x509 }
2021/04/28 08:50:50 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name:admin Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:&{admin [{US North Carolina Hyperledger Fabric }] [18ed2407e2d5] 0xc00037f3c0 } Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA: SerialNumber:} ID:{Name: Type:client Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc00037ee00 Debug:true LogLevel:}
2021/04/28 08:50:50 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc00040c480 PluginOpts:}
2021/04/28 08:50:50 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc00018d870 DummyKeystore: InmemKeystore:}
2021/04/28 08:50:50 [INFO] TLS Enabled
2021/04/28 08:50:50 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
2021/04/28 08:50:50 [DEBUG] Client Cert File:
2021/04/28 08:50:50 [DEBUG] Client Key File:
2021/04/28 08:50:50 [DEBUG] Client TLS certificate and/or key file not provided
2021/04/28 08:50:50 [DEBUG] GenCSR &{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc00037f3c0 CA: SerialNumber:}
2021/04/28 08:50:50 [INFO] generating key: &{A:ecdsa S:256}
2021/04/28 08:50:50 [DEBUG] generate key from request: algo=ecdsa, size=256
2021/04/28 08:50:50 [INFO] encoded CSR
2021/04/28 08:50:50 [DEBUG] Sending request
POST https://ca.org1.example.com:7054/enroll
{"hosts":["18ed2407e2d5"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBQjCB6QIBADBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxDjAMBgNV\nBAMTBWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVY8JVsLawCBbIK0A\nj18kxycolPQwOcuRLOHAmiH0ZCkW3pJq29g2Y+FvrNAQPyePh46i5O6uBJoTeIzU\n1ZlqfaAqMCgGCSqGSIb3DQEJDjEbMBkwFwYDVR0RBBAwDoIMMThlZDI0MDdlMmQ1\nMAoGCCqGSM49BAMCA0gAMEUCIQCHB2aVKIYFY//Q/8ObCnhbtN1zy7CsccX2VdAF\nq/aGggIgYLdJeWef/Kix3dMhLRFYK7R7RRylK3ORJYhLcqrTFjE=\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}
2021/04/28 08:50:50 [DEBUG] Received response
statusCode=201 (201 Created)
2021/04/28 08:50:50 [DEBUG] Response body result: map[Cert: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 ServerInfo:map[CAChain: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 CAName:ca.org1.example.com IssuerPublicKey: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 IssuerRevocationPublicKey:LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUhZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUNJRFlnQUVpd2F0MXJSTDRlM0xSZVAyZ0x2RGRtZ3JqZmtKSGFSTApaSEZLKzVXTExKVndmNFJ3SFJzN0hlUUljemEzams0bFAvS1lOVUtKSjFEV0UwT2VyeTljdzlOUnpQM3oxb2wxCktTQ2ExWmEydDJ1VmY0VURIYVhPUVBwd2dySXNMZ2pCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= Version:]]
2021/04/28 08:50:50 [DEBUG] newEnrollmentResponse admin
2021/04/28 08:50:50 [INFO] Stored client certificate at /etc/hyperledger/fabric-ca-server/msp/signcerts/cert.pem
2021/04/28 08:50:50 [INFO] Stored root CA certificate at /etc/hyperledger/fabric-ca-server/msp/cacerts/ca-org1-example-com-7054.pem
2021/04/28 08:50:50 [INFO] Stored Issuer public key at /etc/hyperledger/fabric-ca-server/msp/IssuerPublicKey
2021/04/28 08:50:50 [INFO] Stored Issuer revocation public key at /etc/hyperledger/fabric-ca-server/msp/IssuerRevocationPublicKey
# fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
$ fabric-ca-client register -d --id.name peer2.org1.example.com --id.secret peer2PW --id.type peer -u https://ca.org1.example.com:7054 --tls.certfiles /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
# fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
# fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
# fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052
On success the terminal shows:
2021/04/28 08:55:25 [DEBUG] Set log level:
2021/04/28 08:55:25 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/04/28 08:55:25 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-client-config.yaml
2021/04/28 08:55:25 [DEBUG] Checking for enrollment
2021/04/28 08:55:25 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR: Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA: SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
2021/04/28 08:55:25 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0003f2300 PluginOpts:}
2021/04/28 08:55:25 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc000169050 DummyKeystore: InmemKeystore:}
2021/04/28 08:55:25 [INFO] TLS Enabled
2021/04/28 08:55:25 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
2021/04/28 08:55:25 [DEBUG] Client Cert File:
2021/04/28 08:55:25 [DEBUG] Client Key File:
2021/04/28 08:55:25 [DEBUG] Client TLS certificate and/or key file not provided
2021/04/28 08:55:25 [DEBUG] CheckIdemixEnrollment - ipkFile: /etc/hyperledger/fabric-ca-server/msp/IssuerPublicKey, idemixCredFrile: /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig
2021/04/28 08:55:25 [DEBUG] Client configuration settings: &{URL:https://ca.org1.example.com:7054 MSPDir:/etc/hyperledger/fabric-ca-server/msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR: Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA: SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
2021/04/28 08:55:25 [DEBUG] Entered runRegister
2021/04/28 08:55:25 [DEBUG] Initializing client with config: &{URL:https://ca.org1.example.com:7054 MSPDir:/etc/hyperledger/fabric-ca-server/msp TLS:{Enabled:true CertFiles:[/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR: Type:x509 } CSR:{CN:admin Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[18ed2407e2d5] KeyRequest:0xc000451920 CA: SerialNumber:} ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc000451cc0 Debug:true LogLevel:}
2021/04/28 08:55:25 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0003f2300 PluginOpts:}
2021/04/28 08:55:25 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc000169050 DummyKeystore: InmemKeystore:}
2021/04/28 08:55:25 [INFO] TLS Enabled
2021/04/28 08:55:25 [DEBUG] CA Files: [/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem]
2021/04/28 08:55:25 [DEBUG] Client Cert File:
2021/04/28 08:55:25 [DEBUG] Client Key File:
2021/04/28 08:55:25 [DEBUG] Client TLS certificate and/or key file not provided
2021/04/28 08:55:25 [DEBUG] Loading identity: keyFile=/etc/hyperledger/fabric-ca-server/msp/keystore/key.pem, certFile=/etc/hyperledger/fabric-ca-server/msp/signcerts/cert.pem
2021/04/28 08:55:25 [DEBUG] No credential found at /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig: open /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig: no such file or directory
2021/04/28 08:55:25 [DEBUG] No Idemix credential found at /etc/hyperledger/fabric-ca-server/msp/user/SignerConfig
2021/04/28 08:55:25 [DEBUG] Register { Name:peer2.org1.example.com Type:peer Secret:**** MaxEnrollments:0 Affiliation: Attributes:[] CAName: }
2021/04/28 08:55:25 [DEBUG] Adding token-based authorization header
2021/04/28 08:55:25 [DEBUG] Sending request
POST https://ca.org1.example.com:7054/register
{"id":"peer2.org1.example.com","type":"peer","secret":"peer2PW","affiliation":""}
2021/04/28 08:55:25 [DEBUG] Received response
statusCode=201 (201 Created)
2021/04/28 08:55:25 [DEBUG] Response body result: map[secret:peer2PW]
2021/04/28 08:55:25 [DEBUG] The register request completed successfully
Password: peer2PW
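The `-d` output above masks the enrollment secret as `****`, but the registration secret still appears in clear text in the `ID:{...}` dump, the `POST .../register` body, the response map and the final `Password:` line, and the enroll URL carries `user:password`. The following is an added example, not part of the original post or of fabric-ca, that redacts those fields before a log is shared and counts the lines that leak; the function names are hypothetical and the sample lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example (not from the original post): redact credentials from
# fabric-ca-client -d output. Sample lines are constructed in the page's format.

# Rules, in order: user:pass@ in URLs, Secret:<value> in struct dumps (already
# masked **** is left alone), "secret" in JSON bodies, map[secret:...] in the
# response dump, and the final "Password:" line.
redact_fabric_ca_log() {
  sed -E \
    -e 's#(https?://[^:/@[:space:]]+):[^@/[:space:]]+@#\1:****@#g' \
    -e 's#(Secret:)[^[:space:]}*]+#\1****#g' \
    -e 's#("secret":")[^"]*"#\1****"#g' \
    -e 's#(map\[secret:)[^]]*]#\1****]#g' \
    -e 's#^(Password: ).*#\1****#'
}

# Count input lines the redactor would change, i.e. lines that leak a secret.
count_leaky_lines() {
  while IFS= read -r line; do
    clean=$(printf '%s\n' "$line" | redact_fabric_ca_log)
    [ "$clean" = "$line" ] || printf 'x\n'
  done | wc -l | tr -d ' '
}

sample_log() {  # constructed sample, not captured output
  cat <<'EOF'
2021/04/28 08:55:25 [DEBUG] Client configuration settings: &{URL:https://admin:adminpw@ca.org1.example.com:7054 Enrollment:{ Name: Secret:**** } ID:{Name:peer2.org1.example.com Type:peer Secret:peer2PW MaxEnrollments:0}}
POST https://ca.org1.example.com:7054/register
{"id":"peer2.org1.example.com","type":"peer","secret":"peer2PW","affiliation":""}
2021/04/28 08:55:25 [DEBUG] Response body result: map[secret:peer2PW]
2021/04/28 08:55:25 [INFO] TLS Enabled
Password: peer2PW
EOF
}

# Run with --demo to print the redacted sample.
if [ "${1:-}" = "--demo" ]; then sample_log | redact_fabric_ca_log; fi
```

A non-zero result from `count_leaky_lines < enroll.log` means the log still needs redaction before it leaves the host.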