First, start the intermediate CA4 server:
../fabric-ca-server start -b admin4:adminpw4 -u http://admin:adminpw@localhost:7054 --home ./intermediaca4 --cfg.affiliations.allowremove --cfg.identities.allowremove
Next, generate the MSP:
../fabric-ca-client register --id.name peer2.org1.food.com --id.type peer --id.affiliation "com.food.org1" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer2.org1.food.com --csr.hosts=['peer2.org1.food.com'] -M ./crypto-config/peerOrganizations/org1.food.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
../fabric-ca-client enroll -u http://peer2.org1.food.com:123456@localhost:7058 --csr.cn=peer2.org1.food.com --csr.hosts=['peer2.org1.food.com'] -M ./crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/msp --home ./fabric-ca-client
mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/msp/admincerts
cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/users/Admin@org1.food.com/msp/signcerts/Admin@org1.food.com-cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/msp/admincerts
Then generate the TLS material:
../fabric-ca-client register --id.name peer2.org1.food.com --id.type peer --id.affiliation "com.food.org1" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer2.org1.food.com --csr.hosts=['peer2.org1.food.com'] -M ./crypto-config/peerOrganizations/org1.food.com/tls -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
If the register step reports an error here, that is expected and can be ignored: intermediate CA4 serves as both the MSP server and the TLS server, so the name peer2.org1.food.com was already registered earlier. Proceed directly to the enroll step.
../fabric-ca-client enroll -d --enrollment.profile tls -u http://peer2.org1.food.com:123456@localhost:7058 --csr.cn=peer2.org1.food.com --csr.hosts=['peer2.org1.food.com'] -M ./crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls --home ./fabric-ca-client
cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/tlsintermediatecerts/tls-localhost-7058.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/ca.crt
cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/server.crt
cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/peerOrganizations/org1.food.com/peers/peer2.org1.food.com/tls/server.key
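Next, compare against the MSP and TLS directory layout of peer1 generated earlier, and fill in whatever is missing from peer2's MSP and TLS.
You can inspect peer1's certificate files:
Add whatever peer2 is missing; the names of the corresponding files must be changed accordingly:
For example:
When this file is moved into peer2, rename it to peer2.org1.food.com-cert.pem
The same applies to the other folders.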
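The comparison described above can also be scripted. The following is an added example, not part of the original tutorial: it lists files present under peer1 but missing under peer2, and checks that tls/server.key is the private key for tls/server.crt. The function names are assumptions, and the key check assumes PEM files and an installed openssl.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit peer2's MSP/TLS tree.

# List the files under one peer directory as relative paths. The peer's
# hostname and the hex prefix of keystore files (<hash>_sk) are normalised
# so that the trees of two different peers can be compared line by line.
layout() {  # $1 = peer directory, $2 = peer hostname
    ( cd "$1" && find . -type f ) |
        sed -e "s/$2/PEER/g" -e 's/[0-9a-f]\{8,\}_sk$/KEY_sk/' |
        LC_ALL=C sort
}

# Print entries that exist for the reference peer but not for the new peer.
# Names are shown in normalised form (PEER / KEY_sk).
missing_in_new() {  # $1 = ref dir, $2 = ref host, $3 = new dir, $4 = new host
    ref=$(mktemp)
    new=$(mktemp)
    layout "$1" "$2" > "$ref"
    layout "$3" "$4" > "$new"
    LC_ALL=C comm -23 "$ref" "$new"
    rm -f "$ref" "$new"
}

# Return 0 only if the private key belongs to the certificate, 1 if it does
# not, 2 if either file cannot be parsed. A server.key taken from another
# peer's keystore fails this check.
key_matches_cert() {  # $1 = certificate (PEM), $2 = private key (PEM)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh audit.sh <peer1 dir> <peer1 host> <peer2 dir> <peer2 host>
if [ "$#" -eq 4 ]; then
    echo "Missing under $4 (normalised names):"
    missing_in_new "$1" "$2" "$3" "$4"
    if key_matches_cert "$3/tls/server.crt" "$3/tls/server.key"; then
        echo "tls/server.key matches tls/server.crt"
    else
        echo "tls/server.key does NOT match tls/server.crt" >&2
        exit 1
    fi
fi
```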
Note that the name of this file in peer2 must be changed as shown in the figure below: