In the context of Fabric CA, there are two steps to generate the private key and certificate for a user: "register" and "enroll".

However, it seems that the meaning of "register" and "enroll" is not clearly stated in the official document of Fabric CA. Can any expert tell me what they mean respectively? Thank you.

Lin Corey
  • Possible duplicate of [What is diffrence between enrolling and registering a certificate in Hyperledger fabric CA](https://stackoverflow.com/questions/50677021/what-is-diffrence-between-enrolling-and-registering-a-certificate-in-hyperledger) – Mrudav Shukla May 21 '19 at 14:05

1 Answer

"Registration" is done by the CA admin. A username and password are assigned to an identity, along with attributes (will the identity be an admin or a node, for example?). This registration places the username and password, along with the other relevant information about the identity, in the database of the CA. No certificates have been generated at this point. The identity has simply been registered.

"Enrollment" is the process where certificates are created and given to the user of the identity. The username and password are given to this user out of band, and they use the name and password as part of a fabric-ca-client call to the CA. The public and private keys --- encoded with the relevant attributes registered with the CA --- are then generated.

The reason for the separation between registration and enrollment is to ensure that only the user of an identity receives their private key.

joealewine
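
The two steps described in the answer above as `fabric-ca-client` calls, followed by a check of the MSP directory that enrollment produces. This is an added example, not part of the original answer; the CA address, TLS certificate path, MSP paths, identity name, secret and attribute passed in are assumed values.

```shell
#!/bin/sh
# Added example: register (CA admin) vs. enroll (identity owner).
# Assumed values: CA address, TLS CA certificate path, all arguments passed in.
CA_HOST="${CA_HOST:-localhost:7054}"
TLS_CERT="${TLS_CERT:-./tls-ca-cert.pem}"
FABRIC_CA_CLIENT="${FABRIC_CA_CLIENT:-fabric-ca-client}"

# Step 1, run by the CA admin, whose own enrolled MSP directory is $1.
# Stores name, secret, type and attributes in the CA database.
# No key or certificate exists for the identity after this call.
# --id.maxenrollments 1 makes the secret usable for a single enrollment.
register_identity() {  # admin_msp name secret type attrs
    "$FABRIC_CA_CLIENT" register -u "https://$CA_HOST" \
        --tls.certfiles "$TLS_CERT" --mspdir "$1" \
        --id.name "$2" --id.secret "$3" --id.type "$4" \
        --id.attrs "$5" --id.maxenrollments 1
}

# Step 2, run by the identity's owner on their own machine, using the
# name and secret received out of band. The key and certificate are
# written under the owner's MSP directory $1.
enroll_identity() {  # user_msp name secret
    "$FABRIC_CA_CLIENT" enroll -u "https://$2:$3@$CA_HOST" \
        --tls.certfiles "$TLS_CERT" --mspdir "$1"
}

# After enrollment: the certificate must be present, a private key must
# be present, and the key must not be readable by group or others.
check_msp() {  # msp_dir
    [ -f "$1/signcerts/cert.pem" ] ||
        { echo "no certificate in $1/signcerts" >&2; return 1; }
    [ -n "$(find "$1/keystore" -type f 2>/dev/null)" ] ||
        { echo "no private key in $1/keystore" >&2; return 1; }
    loose=$(find "$1/keystore" -type f \( -perm -040 -o -perm -004 \))
    [ -z "$loose" ] ||
        { echo "key readable by group/other: $loose" >&2; return 1; }
}
```

Running `check_msp` on the admin's machine after `register_identity` should find nothing for the new identity; the key material only appears in the MSP directory of whoever ran `enroll_identity`.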