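I. Common commands and examples
Main fabric-ca-client subcommands
fabric-ca-client is used to manage identities (including attribute management) and certificates (including renewal and revocation). The main subcommands are:
affiliation: manage affiliations
certificate: manage certificates
enroll: enroll an account
gencrl: revoke certificates (generates a CRL: Certificate Revocation List)
gencsr: create a certificate signing request (generates a CSR: Certificate Signing Request)
getcainfo: get the CA certificate
identity: manage accounts
reenroll: re-enroll an account
register: register a new account
revoke: revoke an account
version: show version information
Before running the commands below, make sure fabric-ca-server has started normally.
Tip: the default client configuration directory is $HOME/.fabric-ca-client. A different directory can be specified with the -H parameter or through an environment variable (FABRIC_CA_CLIENT_HOME in the output example in section II). (Reference 1)
Registering a new account: register
A registration example. The user name, password and other details are given here.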
fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
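Enrolling an account: enroll
There is no exact Chinese equivalent for the word "enroll" here; it carries the sense of recording the identity locally. This article provisionally renders it as "载入" ("load").
After enrolling, the user's certificate information is stored locally, including the user's certificate file cert.pem (reported as the client certificate in the output in section II) and the CA certificate chain file localhost-7054.pem.
If the enrolled identity has expired or been compromised, it must be enrolled again with the reenroll command.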
sudo mkdir /opt/hyperledger/hxssuser
sudo chmod 777 /opt/hyperledger/hxssuser
fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
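The -M parameter specifies the MSP directory, where the user's certificate information is stored. Each user needs their own MSP directory; if this directory is not specified, the admin's enrollment information will be overwritten.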
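The shell functions below are an added example, not part of the original post or of Fabric CA: they create the -M directory owner-only instead of using chmod 777, refuse to enroll over an existing identity, and audit the result of enroll. The function names are assumptions of this example; keystore/ is where fabric-ca-client writes the generated private key, and the functions are meant to run as the user that performs the enroll.

```shell
#!/bin/sh
# Added example: file-system checks around `fabric-ca-client enroll -M <msp>`.

# Create the MSP directory owner-only (instead of chmod 777) and refuse to
# enroll into a directory that already holds another identity's certificate.
prepare_msp_dir() {
    msp=$1
    if [ -e "$msp/signcerts/cert.pem" ]; then
        echo "refusing: $msp already holds an enrolled identity" >&2
        return 1
    fi
    mkdir -p "$msp" && chmod 700 "$msp"
}

# Audit an MSP directory after enroll. Prints one line per finding, leaves
# the count in $findings, and returns 0 only when there are none.
audit_msp_dir() {
    msp=$1
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -s "$msp/signcerts/cert.pem" ] || report "no client certificate in signcerts/"
    ls "$msp"/cacerts/*.pem >/dev/null 2>&1 || report "no CA certificate in cacerts/"
    ls "$msp"/keystore/* >/dev/null 2>&1 || report "no private key in keystore/"

    # A world-writable MSP directory or parent lets any local user swap the
    # certificates or plant a key.
    ww=$( { find "$(dirname "$msp")" -prune -type d -perm -0002
            find "$msp" -type d -perm -0002; } 2>/dev/null || true)
    [ -z "$ww" ] || report "world-writable directory:" $ww

    # The private key must not be readable or writable by group or others.
    keys=$(find "$msp/keystore" -type f \( -perm -0040 -o -perm -0020 \
           -o -perm -0004 -o -perm -0002 \) 2>/dev/null || true)
    [ -z "$keys" ] || report "private key accessible beyond its owner:" $keys

    [ "$findings" -eq 0 ]
}

# Usage with the paths from this page (not run here):
#   prepare_msp_dir /opt/hyperledger/hxssuser/msp &&
#   fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 \
#       -M /opt/hyperledger/hxssuser/msp &&
#   audit_msp_dir /opt/hyperledger/hxssuser/msp
```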
Getting the CA server certificate
An example of fetching the certificate.
fabric-ca-client getcacert -u http://localhost:7054 -M /opt/hyperledger/hxssuser/msp
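II. Procedure for registering a new account
The steps must be carried out in the following order:
1. Enroll the admin account
2. Register the new account (the identity performing the registration cannot register new accounts unless it has been enrolled first)
3. Enroll the new account
#1. Enroll the admin account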
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -M /opt/hyperledger/fabric-ca-client
#2. Register the new account
fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
#3. Enroll the new account
fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
Output example (environment: VMware 15.0.4 / Ubuntu 18.04 LTS / Fabric 1.2.1):
23:19 mark@marklinux hyperledger$ mkdir /opt/hyperledger/fabric-ca-client
23:19 mark@marklinux hyperledger$ export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/fabric-ca-client
23:19 mark@marklinux hyperledger$ fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -M /opt/hyperledger/fabric-ca-client
2020/02/23 23:19:46 [INFO] Created a default configuration file at /opt/hyperledger/fabric-ca-client/fabric-ca-client-config.yaml
2020/02/23 23:19:46 [INFO] generating key: &{A:ecdsa S:256}
2020/02/23 23:19:46 [INFO] encoded CSR
2020/02/23 23:19:47 [INFO] Stored client certificate at /opt/hyperledger/fabric-ca-client/signcerts/cert.pem
2020/02/23 23:19:47 [INFO] Stored root CA certificate at /opt/hyperledger/fabric-ca-client/cacerts/localhost-7054.pem
23:39 mark@marklinux fabric-ca-client$ fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
2020/02/23 23:40:03 [INFO] Configuration file location: /opt/hyperledger/fabric-ca-client/fabric-ca-client-config.yaml
Password: userpwd
23:43 mark@marklinux fabric-ca-client$ sudo mkdir /opt/hyperledger/hxssuser
23:44 mark@marklinux fabric-ca-client$ sudo chmod 777 /opt/hyperledger/hxssuser
23:44 mark@marklinux fabric-ca-client$ fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
2020/02/23 23:44:26 [INFO] generating key: &{A:ecdsa S:256}
2020/02/23 23:44:26 [INFO] encoded CSR
2020/02/23 23:44:27 [INFO] Stored client certificate at /opt/hyperledger/hxssuser/msp/signcerts/cert.pem
2020/02/23 23:44:27 [INFO] Stored root CA certificate at /opt/hyperledger/hxssuser/msp/cacerts/localhost-7054.pem
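Reference 1: official documentation > Fabric CA Client
Reference 2: Jianshu blog > Command-line usage of Hyperledger Fabric CA
Reference 3: CSDN blog, translation of the official Fabric CA User's Guide (Chinese edition)
Reference 4: Exploring Fabric-CA: Registration and Enrollment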
————————————————
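Copyright notice: this is an original article by CSDN blogger "SiteBus", licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/sitebus/article/details/104464474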