一、常用命令及例子
fabric-ca-client主要子命令
fabric-ca-client用來管理身份(包括屬性管理)和證書(包括續訂和回收)。主要子命令如下:
affiliation:管理分支機構
certificate:管理證書
enroll:認證一個賬號
gencrl:撤銷證書(生成一個CRL:Certificate Revocation Lists,證書撤銷表)
gencsr:創建證書簽名(生成一個CSR:Certificate Signing Request,認證簽名請求)
getcainfo:獲取CA證書
identity:管理賬號
reenroll:重新認證賬號
register:注冊新賬戶
revoke:撤銷賬號
version:顯示版本信息
執行下述命令前,確保fabric-ca-server已經正常啟動。
tips:默認客戶配置信息文件夾為$HOME/.fabric-ca-client,也可以通過-H參數另外指定,或者通過環境變量指定。(參考1)
注冊新賬戶 register
注冊例子。這里輸入用戶名和密碼等信息。
fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
1
載入賬戶 enroll
enroll這個詞在這里沒有確切的對應的中文詞,有登記在本地之意。暫時叫做“載入”吧。
載入后,會在本地存儲存放用戶的證書信息,包括用戶私鑰文件cert.pem和CA認證鏈文件localhost-7054.pem。
如果載入的身份信息過期或者失效(compromised),需要用reenroll命令重新載入。
sudo mkdir /opt/hyperledger/hxssuser
sudo chmod 777 /opt/hyperledger/hxssuser
fabric-ca-client enroll -u http://usertest:user2pwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
1
2
3
-M參數表示指定msp目錄,這里會存放用戶的證書信息。每個用戶需要指定自己的msp目錄,如果不指定本目錄,會將admin的認證信息給覆蓋掉。
獲取CA服務器證書
獲取證書例子。
fabric-ca-client getcacert -u http://localhost:7054 -M /opt/hyperledger/hxssuser/msp
二、注冊新賬戶流程
需要按照下面的順序進行:
1.載入(enroll)admin賬戶
2.注冊(register)新賬戶(執行注冊的身份如果沒有事先enroll的話是不能注冊新賬戶的)
3.載入(enroll)新賬戶
#1.載入enroll admin賬戶
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -M /opt/hyperledger/fabric-ca-client
#2.注冊register 新賬戶
fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
#3.載入enroll 新賬戶
fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
輸出例子(執行環境:VMware 15.0.4/Ubuntu 18.04LTS/Fabric 1.2.1 ):
23:19 mark@marklinux hyperledger$ mkdir /opt/hyperledger/fabric-ca-client
23:19 mark@marklinux hyperledger$ export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/fabric-ca-client
23:19 mark@marklinux hyperledger$ fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -M /opt/hyperledger/fabric-ca-client
2020/02/23 23:19:46 [INFO] Created a default configuration file at /opt/hyperledger/fabric-ca-client/fabric-ca-client-config.yaml
2020/02/23 23:19:46 [INFO] generating key: &{A:ecdsa S:256}
2020/02/23 23:19:46 [INFO] encoded CSR
2020/02/23 23:19:47 [INFO] Stored client certificate at /opt/hyperledger/fabric-ca-client/signcerts/cert.pem
2020/02/23 23:19:47 [INFO] Stored root CA certificate at /opt/hyperledger/fabric-ca-client/cacerts/localhost-7054.pem
23:39 mark@marklinux fabric-ca-client$ fabric-ca-client register --id.name usertest --id.type user --id.affiliation org1.department1 --id.secret userpwd -u http://localhost:7054
2020/02/23 23:40:03 [INFO] Configuration file location: /opt/hyperledger/fabric-ca-client/fabric-ca-client-config.yaml
Password: userpwd
23:43 mark@marklinux fabric-ca-client$ sudo mkdir /opt/hyperledger/hxssuser
23:44 mark@marklinux fabric-ca-client$ sudo chmod 777 /opt/hyperledger/hxssuser
23:44 mark@marklinux fabric-ca-client$ fabric-ca-client enroll -u http://usertest:userpwd@localhost:7054 -M /opt/hyperledger/hxssuser/msp
2020/02/23 23:44:26 [INFO] generating key: &{A:ecdsa S:256}
2020/02/23 23:44:26 [INFO] encoded CSR
2020/02/23 23:44:27 [INFO] Stored client certificate at /opt/hyperledger/hxssuser/msp/signcerts/cert.pem
2020/02/23 23:44:27 [INFO] Stored root CA certificate at /opt/hyperledger/hxssuser/msp/cacerts/localhost-7054.pem
參考1:官網文檔>Fabric CA Client
參考2:簡書博客>Hyperledger Fabric CA的命令行用法
參考3:CSDN博客,翻譯Fabric CA 官方用戶指南(中文版)
參考4:Exploring Fabric-CA: Registration and Enrollment
————————————————
版權聲明:本文為CSDN博主「SiteBus」的原創文章,遵循CC 4.0 BY-SA版權協議,轉載請附上原文出處鏈接及本聲明。
原文鏈接:https://blog.csdn.net/sitebus/article/details/104464474