I am confused about how fabric-ca works. It's my first time working with a CA. I have followed the official fabric-ca documentation and have the following questions.
This is how I approach starting up a CA server and then enrolling and registering a client identity.
1- I start the fabric-ca server via Docker, my docker
fabric-ca:
  image: hyperledger/fabric-ca
  container_name: fabric-ca
  ports:
    - "7054:7054"
  environment:
    - FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca-server
    - FABRIC_CA_CLIENT_HOME=/etc/hyperledger/fabric-ca-client
    - FABRIC_CA_LOGLEVEL=debug
    - FABRIC_CA_SERVER_CA_NAME=fabric-ca
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
    - "./fabric-ca-client:/etc/hyperledger/fabric-ca-client"
  command: sh -c 'fabric-ca-server start -b rootadmin:rootadminpw'
2- Now the Docker container starts successfully and I have the following files/certs generated in my PWD.
▶ tree .
.
├── fabric-ca-client
├── fabric-ca-dokcer-compose.yaml
└── fabric-ca-server
    ├── ca-cert.pem
    ├── fabric-ca-server-config.yaml
    ├── fabric-ca-server.db
    └── msp
        └── keystore
            └── 45eed6744814fc8f2055ead83036b9bb15e5b9c5c5fd2b36db2419a7e585b8c3_sk

4 directories, 5 files
3- I have followed this tutorial about OpenSSL (https://jamielinux.com/docs/openssl-certificate-authority/), according to which we need a self-signed root certificate.
* I understand that the certificates generated above are self-signed root certificates.
4- Now, according to the fabric-ca documentation, we need to enroll a bootstrap identity:
fabric-ca-client enroll -u http://rootadmin:rootadminpw@localhost:7054
This command generates crypto files and a config file in the fabric-ca-client directory as follows:
▶ tree .
.
├── fabric-ca-client-config.yaml
└── msp
    ├── cacerts
    │   └── localhost-7054.pem
    ├── intermediatecerts
    │   └── localhost-7054.pem
    ├── keystore
    │   └── b06fc324d2176a14db0fde95a951f846b57e533ea34bf94ab231345bdf3b13a5_sk
    └── signcerts
        └── cert.pem

5 directories, 5 files
So what is the difference between this crypto material and the crypto material generated on the server, especially the .pem files?
And also, what is the relation between the server and client crypto files? Are these client crypto files signed by the server?
And also, if I run the above fabric-ca-client command multiple times, the .pem files remain the same but I get multiple files in the keystore folder, which I understand are private keys.
Lastly, what exactly is the difference between the enroll and register commands?