CAs,Enrollment,Registration for HyperLedger Fabric

5
votes

I was studying Hyperledger Fabric and running sample codes . I am still trying to get the correct picture of how things work ,especially in the user/admin registration and enrollment using certificates and crypt materials.

I want to know how the following work .

1)Register

2)enrollment

3)user and admincontext .

Another thing i am confused about is the certificates or CAs. To use the blockchain network how to use my own/3rd party certificates of x509 type . Is it even possible . ?

In the BYFN sample in hyperledger fabric docs ,certificate is generated using the cryptogen tool and used to verify with the MSP for blockchain participation.

How does it work in a real world or a business application scenario .

THANKS

1
x509certificatehyperledger-fabricblockchainhyperledgerca

1 Answers

4
votes

The cryptogen tool is not production ready, it is advised to use the Fabric CA or certificates from a 3rd party tool, like you mentioned.

Below our steps to take to register and enroll a new user using the default parameters for the Fabric CA:

Make sure your CA is deployed and started using:

fabric-ca-server start -b admin:adminpw -d

Then you can enroll the default admin identity using: 

fabric-ca-client enroll -u "http://admin:adminpw@localhost:7054"

With the admin now enrolled, we can register our first user:

fabric-ca-client register -u "http://localhost:7054" --id.name "demoblockchain" --id.secret "demo" --id.type "client" --id.affiliation "org1.department1"
  • -u is the shorthand flag for the url of our CA.
  • --id.name is the name of our user
  • --id.secret is the password for the user
  • --id.type is the type of user. (client, peer, orderer, validator, auditor, ca)
  • --id.affiliation is to determine who the user belongs to

Now that we have the user registered with the CA, we need to enroll the new user.

fabric-ca-client enroll -u "http://demoblockchain:demo@localhost:7054"

The output of this command will give you the list of certificates and where they have been stored.

I hope this helps with the flow of registration and enrollment!