服务器的启动docker-compose.yaml
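# Docker Compose definition for a single Fabric CA container used as the TLS CA.
# Nesting is restored here: with every key at column 0, `fabric-ca`, `ca-tls`
# and the service settings would all parse as unrelated top-level keys.
version: '2'

networks:
  fabric-ca: {}

services:
  ca-tls:
    container_name: ca-tls
    # NOTE(review): pinned to the 1.4.0 tag; confirm this release is still
    # receiving fixes before reusing the file outside a lab.
    image: hyperledger/fabric-ca:1.4.0
    # -b sets the bootstrap administrator as user:password. Because it is part
    # of the command line, the password is readable in this file, in
    # `docker inspect` output and in the container's process list; treat
    # tls-ca-adminpw as a sample value and replace it for any real deployment.
    # -d turns on debug logging.
    command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7052'
    environment:
      # Server home lives under the mounted volume below, so the CA's
      # certificate and key material end up on the host.
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=tls-ca
      # Must match the address clients use in their https:// URL, otherwise
      # TLS hostname verification fails.
      - FABRIC_CA_SERVER_CSR_HOSTS=192.168.4.32
      # Debug logging is verbose; switch it off once the setup works.
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      # Host directory that receives the CA home, including the CA private
      # key; restrict its ownership and permissions on the host.
      - /opt/hyperledger/tls-ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      # Quoted so the mapping is always read as a string. This publishes the
      # port on every host interface; prefix a host IP to narrow exposure.
      - '7052:7052'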
1、启动tls服务端服务
# Start the TLS CA container in the background using the compose file above.
docker-compose --file docker-compose.yaml up --detach
###2、客户端注册与登记
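# Create the working directory for the TLS CA administrator's client.
mkdir -p /root/services/tlsca/client/admin/tls-ca
# Copy the TLS CA root certificate into the client directory. It is the trust
# anchor used to verify the server, so on a separate client machine transfer it
# over a trusted channel and compare its fingerprint with the server's copy.
cp /opt/hyperledger/tls-ca/crypto/ca-cert.pem /root/services/tlsca/client/admin/tls-ca/tls-ca-cert.pem
# Client home directory: enrollment output is written below it.
export FABRIC_CA_CLIENT_HOME=/root/services/tlsca/client/admin
# Root certificate the client uses to verify the CA's TLS certificate.
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/services/tlsca/client/admin/tls-ca/tls-ca-cert.pem
# Enroll the bootstrap administrator. The user:password pair is the one given
# to the server's -b flag, and the host and port are the ones the server
# publishes. A password inside the URL is recorded in shell history and is
# visible in the process list while the command runs; -d adds debug output.
./fabric-ca-client enroll -d -u https://tls-ca-admin:tls-ca-adminpw@192.168.4.32:7052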
###3、注册两个账户
# Act as the already-enrolled TLS CA administrator for the register calls.
export FABRIC_CA_CLIENT_HOME=/root/services/tlsca/client/admin
# Root certificate the client uses to verify the CA's TLS certificate.
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/services/tlsca/client/admin/tls-ca/tls-ca-cert.pem

# Register the two peer identities. Each --id.secret is the enrollment password
# that the matching enroll call has to present; peer1PW and peer2PW are sample
# values and, being command-line arguments, are kept in shell history.
./fabric-ca-client register -d \
    --id.name peer1-org1 \
    --id.secret peer1PW \
    --id.type peer \
    -u https://192.168.4.32:7052
./fabric-ca-client register -d \
    --id.name peer2-org1 \
    --id.secret peer2PW \
    --id.type peer \
    -u https://192.168.4.32:7052
###4、登记这两个账户,获得账户和私钥。
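# --- peer1 ---
# Each peer gets its own client home and its own copy of the TLS CA root
# certificate, which is the trust anchor for verifying the CA.
mkdir -p /root/services/tlsca/client/org1/peer1/assets/tls-ca/
cp /opt/hyperledger/tls-ca/crypto/ca-cert.pem /root/services/tlsca/client/org1/peer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/root/services/tlsca/client/org1/peer1
# Enrollment output goes to tls-msp under the client home. That directory will
# hold the peer's TLS private key, so keep its permissions restrictive.
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/services/tlsca/client/org1/peer1/assets/tls-ca/tls-ca-cert.pem
# Enroll with the name and secret registered for peer1-org1, using the tls
# profile. The secret in the URL is recorded in shell history.
# NOTE(review): --csr.hosts must list the hostname other nodes use to reach
# this peer; confirm org1-peer1 is that name (the identity is peer1-org1).
./fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@192.168.4.32:7052 --enrollment.profile tls --csr.hosts org1-peer1

# --- peer2 ---
# Same steps as peer1, with a separate client home and TLS key directory.
mkdir -p /root/services/tlsca/client/org1/peer2/assets/tls-ca/
cp /opt/hyperledger/tls-ca/crypto/ca-cert.pem /root/services/tlsca/client/org1/peer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/root/services/tlsca/client/org1/peer2
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/services/tlsca/client/org1/peer2/assets/tls-ca/tls-ca-cert.pem
# NOTE(review): confirm org1-peer2 is the hostname this peer is reached by.
./fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@192.168.4.32:7052 --enrollment.profile tls --csr.hosts org1-peer2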