Deploying fabric-ca and issuing certificates
1. Deploy with Docker containers (there are two ways to deploy: 1. command line; 2. Docker container). Three root CAs are set up: ca_org1, ca_org2 and ca_orderer:
docker-compose-ca.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

services:

  ca_org1:
    image: hyperledger/fabric-ca:1.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
    container_name: ca_org1

  ca_org2:
    image: hyperledger/fabric-ca:1.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org2
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=8054
    ports:
      - "8054:8054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server
    container_name: ca_org2

  ca_orderer:
    image: hyperledger/fabric-ca:1.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-orderer
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=9054
    ports:
      - "9054:9054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./organizations/fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server
    container_name: ca_orderer
2. Edit the configuration file fabric-ca-server-config.yaml and switch the database to MySQL. The configuration file lives in the directory mounted under volumes in the docker-compose file.
Example change for ca_org1; ca_org2 and ca_orderer are changed in the same way:
db:
  type: mysql
  datasource: root:password@tcp(10.20.31.113:3306)/ca_org1?parseTime=true
  tls:
    enabled: false
    certfiles:
    client:
      certfile:
      keyfile:
Note: the MySQL server's sql_mode must be changed, otherwise fabric-ca-server fails with the error "Invalid default value for 'column_name'". Set it to:
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
3. Start fabric-ca:
docker-compose -f docker-compose-ca.yaml up -d
To stop fabric-ca:
docker-compose -f docker-compose-ca.yaml down --volumes --remove-orphans
4. Issue the certificates according to the Fabric network architecture diagram; the network structure used in this example is shown in the figure below.
Script to issue the org1 certificates:
function createOrg1 {

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/peerOrganizations/org1.example.com/

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  # NodeOUs config: maps the OU in each certificate to a Fabric role
  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml

  echo
  echo "Register peer0"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  echo
  echo "Register peer1"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name peer1 --id.secret peer1pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org1.example.com/peers
  mkdir -p organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
  mkdir -p organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp --csr.hosts peer1.org1.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  # every node MSP needs its own copy of the NodeOUs config
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls --enrollment.profile tls --csr.hosts peer1.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  # rename the TLS artefacts to the file names the peer config expects
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.key

  mkdir ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt

  mkdir ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

  mkdir ${PWD}/organizations/peerOrganizations/org1.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org1.example.com/users
  mkdir -p organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com

  echo
  echo "## Generate the user msp"
  echo
  set -x
  fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml

}
Script to issue the org2 certificates:
function createOrg2 {

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/peerOrganizations/org2.example.com/

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  # NodeOUs config: maps the OU in each certificate to a Fabric role
  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-8054-ca-org2.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-8054-ca-org2.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-8054-ca-org2.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-8054-ca-org2.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml

  echo
  echo "Register peer0"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  echo
  echo "Register peer1"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name peer1 --id.secret peer1pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org2.example.com/peers
  mkdir -p organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com
  mkdir -p organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp --csr.hosts peer0.org2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp --csr.hosts peer1.org2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  # every node MSP needs its own copy of the NodeOUs config
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls --enrollment.profile tls --csr.hosts peer1.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  # rename the TLS artefacts to the file names the peer config expects
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.key

  mkdir ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt

  mkdir ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem

  mkdir ${PWD}/organizations/peerOrganizations/org2.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org2.example.com/users
  mkdir -p organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com

  echo
  echo "## Generate the user msp"
  echo
  set -x
  fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml

}
Script to issue the orderer certificates:
function createOrderer {

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/ordererOrganizations/example.com

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  # NodeOUs config: maps the OU in each certificate to a Fabric role
  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml

  echo
  echo "Register orderer"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer2 --id.secret orderer2pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer3 --id.secret orderer3pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer4 --id.secret orderer4pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer5 --id.secret orderer5pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  echo
  echo "Register the orderer admin"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  mkdir -p organizations/ordererOrganizations/example.com/orderers
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer2.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer3.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer4.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer5.example.com

  echo
  echo "## Generate the orderer msp"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp --csr.hosts orderer.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp --csr.hosts orderer2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp --csr.hosts orderer3.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer4:orderer4pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp --csr.hosts orderer4.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer5:orderer5pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp --csr.hosts orderer5.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  # every orderer MSP needs its own copy of the NodeOUs config
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/config.yaml

  echo
  echo "## Generate the orderer-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls --enrollment.profile tls --csr.hosts orderer.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls --enrollment.profile tls --csr.hosts orderer2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls --enrollment.profile tls --csr.hosts orderer3.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer4:orderer4pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls --enrollment.profile tls --csr.hosts orderer4.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  set -x
  fabric-ca-client enroll -u https://orderer5:orderer5pw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls --enrollment.profile tls --csr.hosts orderer5.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  # rename the TLS artefacts to the file names the orderer config expects
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.key

  # each orderer MSP also carries the TLS CA root
  mkdir ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir -p organizations/ordererOrganizations/example.com/users
  mkdir -p organizations/ordererOrganizations/example.com/users/Admin@example.com

  echo
  echo "## Generate the admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml

}
5. Run the scripts to generate the certificates:
Run the following in the /root/ca directory:
. organizations/fabric-ca/registerOrg1.sh
createOrg1
. organizations/fabric-ca/registerOrg2.sh
createOrg2
. organizations/fabric-ca/registerOrderer.sh
createOrderer
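A peer or orderer fails at startup if any of the files the three functions copy into its MSP or TLS directory is missing, so it pays to check the layout before wiring the paths into the node configs. The following shell check is an added example written for this post; it is not part of the Fabric test-network scripts or of fabric-ca-client. The function name check_node_msp and the layout it expects are assumptions taken from the tree shown in step 6: msp/cacerts, msp/signcerts/cert.pem, msp/config.yaml, exactly one *_sk key in msp/keystore, and tls/ca.crt, tls/server.crt, tls/server.key. It also flags private keys readable by group or other. It inspects the file layout and permissions only, not the certificate chain.

```shell
#!/usr/bin/env bash
# Structural sanity check for one node directory produced by the enrollment
# scripts above, e.g. organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
# Added example; not part of the Fabric test-network scripts or fabric-ca-client.
set -u

# has_one_file <dir> <glob>: true if <dir> holds exactly one entry matching <glob>.
has_one_file() {
    local n
    n=$(find "$1" -maxdepth 1 -name "$2" 2>/dev/null | wc -l | tr -d ' ')
    [ "$n" -eq 1 ]
}

# key_is_private <file>: true if group and other have no permission bits at all
# (columns 5-10 of ls -l are the group/other rwx fields).
key_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_node_msp <node dir>: prints one line per problem, returns the problem count.
check_node_msp() {
    local node="$1" msp="$1/msp" tls="$1/tls" problems=0 f

    # enrollment MSP: CA root, own signing cert, NodeOUs config, exactly one private key
    has_one_file "$msp/cacerts" '*.pem' || { echo "MISSING: $msp/cacerts/<ca>.pem"; problems=$((problems+1)); }
    [ -s "$msp/signcerts/cert.pem" ]    || { echo "MISSING: $msp/signcerts/cert.pem"; problems=$((problems+1)); }
    [ -s "$msp/config.yaml" ]           || { echo "MISSING: $msp/config.yaml (NodeOUs config not copied)"; problems=$((problems+1)); }
    has_one_file "$msp/keystore" '*_sk' || { echo "BAD: $msp/keystore must hold exactly one *_sk file"; problems=$((problems+1)); }

    # TLS material the scripts copy out of tlscacerts/, signcerts/ and keystore/
    for f in ca.crt server.crt server.key; do
        [ -s "$tls/$f" ] || { echo "MISSING: $tls/$f"; problems=$((problems+1)); }
    done

    # private keys must not be readable by group or other
    for f in "$msp"/keystore/*_sk "$tls/server.key"; do
        [ -f "$f" ] || continue
        key_is_private "$f" || { echo "PERMS: $f is readable by group/other"; problems=$((problems+1)); }
    done

    return "$problems"
}

# Usage (run from /root/ca after the three create* functions):
#   check_node_msp organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
```

Run it once per peer and orderer directory; the exit status is the number of problems found, so a deployment script can stop on a non-zero result. Apply it to node directories only: the User1 MSPs in the tree of step 6 intentionally have no config.yaml, because the scripts copy it only into the node and Admin MSPs.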
6. Inspect the generated certificate layout:
organizations/peerOrganizations/
├── org1.example.com
│   ├── ca
│   │   └── ca.org1.example.com-cert.pem
│   ├── fabric-ca-client-config.yaml
│   ├── msp
│   │   ├── cacerts
│   │   │   └── localhost-7054-ca-org1.pem
│   │   ├── config.yaml
│   │   ├── IssuerPublicKey
│   │   ├── IssuerRevocationPublicKey
│   │   ├── keystore
│   │   │   └── 7f6bafca12f99f05fee83492cd9c8de936296cdde68f47ac44379754be17cddc_sk
│   │   ├── signcerts
│   │   │   └── cert.pem
│   │   ├── tlscacerts
│   │   │   └── ca.crt
│   │   └── user
│   ├── peers
│   │   ├── peer0.org1.example.com
│   │   │   ├── msp
│   │   │   │   ├── cacerts
│   │   │   │   │   └── localhost-7054-ca-org1.pem
│   │   │   │   ├── config.yaml
│   │   │   │   ├── IssuerPublicKey
│   │   │   │   ├── IssuerRevocationPublicKey
│   │   │   │   ├── keystore
│   │   │   │   │   └── 70d18435f329f0a468e7d391d223b88c093d79ac0132f0d438ef41acd7f6ccd4_sk
│   │   │   │   ├── signcerts
│   │   │   │   │   └── cert.pem
│   │   │   │   └── user
│   │   │   └── tls
│   │   │       ├── cacerts
│   │   │       ├── ca.crt
│   │   │       ├── IssuerPublicKey
│   │   │       ├── IssuerRevocationPublicKey
│   │   │       ├── keystore
│   │   │       │   └── 699e5e42b2cd62bcfccc7a14f507d12b4c6edbe0be94fd7c1572d73d3a161a0a_sk
│   │   │       ├── server.crt
│   │   │       ├── server.key
│   │   │       ├── signcerts
│   │   │       │   └── cert.pem
│   │   │       ├── tlscacerts
│   │   │       │   └── tls-localhost-7054-ca-org1.pem
│   │   │       └── user
│   │   └── peer1.org1.example.com
│   │       ├── msp
│   │       │   ├── cacerts
│   │       │   │   └── localhost-7054-ca-org1.pem
│   │       │   ├── config.yaml
│   │       │   ├── IssuerPublicKey
│   │       │   ├── IssuerRevocationPublicKey
│   │       │   ├── keystore
│   │       │   │   └── 146a09a99fe173aa3e64e0d02c00ff49c55646cc7b1b1ea401090067d8affc80_sk
│   │       │   ├── signcerts
│   │       │   │   └── cert.pem
│   │       │   └── user
│   │       └── tls
│   │           ├── cacerts
│   │           ├── ca.crt
│   │           ├── IssuerPublicKey
│   │           ├── IssuerRevocationPublicKey
│   │           ├── keystore
│   │           │   └── 2c69d1b6e8077026205aab87d12a7fd32123a5bd01618f790fc951369b52ba7f_sk
│   │           ├── server.crt
│   │           ├── server.key
│   │           ├── signcerts
│   │           │   └── cert.pem
│   │           ├── tlscacerts
│   │           │   └── tls-localhost-7054-ca-org1.pem
│   │           └── user
│   ├── tlsca
│   │   └── tlsca.org1.example.com-cert.pem
│   └── users
│       ├── Admin@org1.example.com
│       │   └── msp
│       │       ├── cacerts
│       │       │   └── localhost-7054-ca-org1.pem
│       │       ├── config.yaml
│       │       ├── IssuerPublicKey
│       │       ├── IssuerRevocationPublicKey
│       │       ├── keystore
│       │       │   └── ae921494e7286cf5fda149063e7f29644fb6ef1e85db0ea87025c434699044af_sk
│       │       ├── signcerts
│       │       │   └── cert.pem
│       │       └── user
│       └── User1@org1.example.com
│           └── msp
│               ├── cacerts
│               │   └── localhost-7054-ca-org1.pem
│               ├── IssuerPublicKey
│               ├── IssuerRevocationPublicKey
│               ├── keystore
│               │   └── 1afa111045bc6b44384ff1dfdaa01548e228cda4beafc7a886a0b26afb96a8eb_sk
│               ├── signcerts
│               │   └── cert.pem
│               └── user
└── org2.example.com
    ├── ca
    │   └── ca.org2.example.com-cert.pem
    ├── fabric-ca-client-config.yaml
    ├── msp
    │   ├── cacerts
    │   │   └── localhost-8054-ca-org2.pem
    │   ├── config.yaml
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── keystore
    │   │   └── 6dde2d7c539de41202c228f8b744ed4f9fd411470cf8e2e52de581e5130b0cc0_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   ├── tlscacerts
    │   │   └── ca.crt
    │   └── user
    ├── peers
    │   ├── peer0.org2.example.com
    │   │   ├── msp
    │   │   │   ├── cacerts
    │   │   │   │   └── localhost-8054-ca-org2.pem
    │   │   │   ├── config.yaml
    │   │   │   ├── IssuerPublicKey
    │   │   │   ├── IssuerRevocationPublicKey
    │   │   │   ├── keystore
    │   │   │   │   └── cc3567993dfd9c7f8c1065e672cf910af922fdc1c22a456ae75ff596d9fde803_sk
    │   │   │   ├── signcerts
    │   │   │   │   └── cert.pem
    │   │   │   └── user
    │   │   └── tls
    │   │       ├── cacerts
    │   │       ├── ca.crt
    │   │       ├── IssuerPublicKey
    │   │       ├── IssuerRevocationPublicKey
    │   │       ├── keystore
    │   │       │   └── 98c00e2995b7066a789d8924103edf7494eaef75fa1702e81c0c245f3ed74486_sk
    │   │       ├── server.crt
    │   │       ├── server.key
    │   │       ├── signcerts
    │   │       │   └── cert.pem
    │   │       ├── tlscacerts
    │   │       │   └── tls-localhost-8054-ca-org2.pem
    │   │       └── user
    │   └── peer1.org2.example.com
    │       ├── msp
    │       │   ├── cacerts
    │       │   │   └── localhost-8054-ca-org2.pem
    │       │   ├── config.yaml
    │       │   ├── IssuerPublicKey
    │       │   ├── IssuerRevocationPublicKey
    │       │   ├── keystore
    │       │   │   └── 850f3be4d0fba8e7f5070fc86ad42a46b330e503b7664a922d8a3709b704bdbe_sk
    │       │   ├── signcerts
    │       │   │   └── cert.pem
    │       │   └── user
    │       └── tls
    │           ├── cacerts
    │           ├── ca.crt
    │           ├── IssuerPublicKey
    │           ├── IssuerRevocationPublicKey
    │           ├── keystore
    │           │   └── 584595b78f14d9074fc7a199e95b0091322d576cb90aeddd56997211d03ef6be_sk
    │           ├── server.crt
    │           ├── server.key
    │           ├── signcerts
    │           │   └── cert.pem
    │           ├── tlscacerts
    │           │   └── tls-localhost-8054-ca-org2.pem
    │           └── user
    ├── tlsca
    │   └── tlsca.org2.example.com-cert.pem
    └── users
        ├── Admin@org2.example.com
        │   └── msp
        │       ├── cacerts
        │       │   └── localhost-8054-ca-org2.pem
        │       ├── config.yaml
        │       ├── IssuerPublicKey
        │       ├── IssuerRevocationPublicKey
        │       ├── keystore
        │       │   └── a9c1cdf2c7c17af057cd8e20ef036fb8905d5ba4155cd456855edae340fc5719_sk
        │       ├── signcerts
        │       │   └── cert.pem
        │       └── user
        └── User1@org2.example.com
            └── msp
                ├── cacerts
                │   └── localhost-8054-ca-org2.pem
                ├── IssuerPublicKey
                ├── IssuerRevocationPublicKey
                ├── keystore
                │   └── aa39fd219fe02cc59aa334699cc2aba26e90e3c87df9dde1910fd6b4cd4ed103_sk
                ├── signcerts
                │   └── cert.pem
                └── user

94 directories, 98 files
[root@C20-13U-10 ca]# tree organizations/ordererOrganizations/
organizations/ordererOrganizations/
└── example.com
    ├── fabric-ca-client-config.yaml
    ├── msp
    │   ├── cacerts
    │   │   └── localhost-9054-ca-orderer.pem
    │   ├── config.yaml
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── keystore
    │   │   └── 78853324c9928122b65395659de248f76f1e50f427ed69e6c4f2c5777dbe8956_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   ├── tlscacerts
    │   │   └── tlsca.example.com-cert.pem
    │   └── user
    ├── orderers
    │   ├── orderer2.example.com
    │   │   ├── msp
    │   │   │   ├── cacerts
    │   │   │   │   └── localhost-9054-ca-orderer.pem
    │   │   │   ├── config.yaml
    │   │   │   ├── IssuerPublicKey
    │   │   │   ├── IssuerRevocationPublicKey
    │   │   │   ├── keystore
    │   │   │   │   └── 812364a43d421b9251287aeded116b7a1a8bce0ea1924528875c63b0897add75_sk
    │   │   │   ├── signcerts
    │   │   │   │   └── cert.pem
    │   │   │   ├── tlscacerts
    │   │   │   │   └── tlsca.example.com-cert.pem
    │   │   │   └── user
    │   │   └── tls
    │   │       ├── cacerts
    │   │       ├── ca.crt
    │   │       ├── IssuerPublicKey
    │   │       ├── IssuerRevocationPublicKey
    │   │       ├── keystore
    │   │       │   └── 5862afe1941006e683ca15675feb2aaa872c08e1a702f27331d7cab84e20fbe7_sk
    │   │       ├── server.crt
    │   │       ├── server.key
    │   │       ├── signcerts
    │   │       │   └── cert.pem
    │   │       ├── tlscacerts
    │   │       │   └── tls-localhost-9054-ca-orderer.pem
    │   │       └── user
    │   ├── orderer3.example.com
    │   │   ├── msp
    │   │   │   ├── cacerts
    │   │   │   │   └── localhost-9054-ca-orderer.pem
    │   │   │   ├── config.yaml
    │   │   │   ├── IssuerPublicKey
    │   │   │   ├── IssuerRevocationPublicKey
    │   │   │   ├── keystore
    │   │   │   │   └── bf9796e1a0187b8e942f4e96bf6123df6c105f0560f5d3b83d383d2b1d082351_sk
    │   │   │   ├── signcerts
    │   │   │   │   └── cert.pem
    │   │   │   ├── tlscacerts
    │   │   │   │   └── tlsca.example.com-cert.pem
    │   │   │   └── user
    │   │   └── tls
    │   │       ├── cacerts
    │   │       ├── ca.crt
    │   │       ├── IssuerPublicKey
    │   │       ├── IssuerRevocationPublicKey
    │   │       ├── keystore
    │   │       │   └── 4df0689d688e2daa938501d96ebe92d99d7dadb374164e2034968b6160f7b87a_sk
    │   │       ├── server.crt
    │   │       ├── server.key
    │   │       ├── signcerts
    │   │       │   └── cert.pem
    │   │       ├── tlscacerts
    │   │       │   └── tls-localhost-9054-ca-orderer.pem
    │   │       └── user
    │   ├── orderer4.example.com
    │   │   ├── msp
    │   │   │   ├── cacerts
    │   │   │   │   └── localhost-9054-ca-orderer.pem
    │   │   │   ├── config.yaml
    │   │   │   ├── IssuerPublicKey
    │   │   │   ├── IssuerRevocationPublicKey
    │   │   │   ├── keystore
    │   │   │   │   └── a7db07091803dc82f4fb167ef6017c5766ec453e0fb753773c95492638c0a45d_sk
    │   │   │   ├── signcerts
    │   │   │   │   └── cert.pem
    │   │   │   ├── tlscacerts
    │   │   │   │   └── tlsca.example.com-cert.pem
    │   │   │   └── user
    │   │   └── tls
    │   │       ├── cacerts
    │   │       ├── ca.crt
    │   │       ├── IssuerPublicKey
    │   │       ├── IssuerRevocationPublicKey
    │   │       ├── keystore
    │   │       │   └── 34d965acb3f82a1ab38c3ae0f1153d52c420910fb1d20b88eb918e029817c1c2_sk
    │   │       ├── server.crt
    │   │       ├── server.key
    │   │       ├── signcerts
    │   │       │   └── cert.pem
    │   │       ├── tlscacerts
    │   │       │   └── tls-localhost-9054-ca-orderer.pem
    │   │       └── user
    │   ├── orderer5.example.com
    │   │   ├── msp
    │   │   │   ├── cacerts
    │   │   │   │   └── localhost-9054-ca-orderer.pem
    │   │   │   ├── config.yaml
    │   │   │   ├── IssuerPublicKey
    │   │   │   ├── IssuerRevocationPublicKey
    │   │   │   ├── keystore
    │   │   │   │   └── 436eb6c827c305b94ccdb65b2773841ffd7a159a6821f1120011a97cde964b52_sk
    │   │   │   ├── signcerts
    │   │   │   │   └── cert.pem
    │   │   │   ├── tlscacerts
    │   │   │   │   └── tlsca.example.com-cert.pem
    │   │   │   └── user
    │   │   └── tls
    │   │       ├── cacerts
    │   │       ├── ca.crt
    │   │       ├── IssuerPublicKey
    │   │       ├── IssuerRevocationPublicKey
    │   │       ├── keystore
    │   │       │   └── aba9458924e7b1f561c200e1f1e76a1da86cc79057ce4480e2adf59484bb389e_sk
    │   │       ├── server.crt
    │   │       ├── server.key
    │   │       ├── signcerts
    │   │       │   └── cert.pem
    │   │       ├── tlscacerts
    │   │       │   └── tls-localhost-9054-ca-orderer.pem
    │   │       └── user
    │   └── orderer.example.com
    │       ├── msp
    │       │   ├── cacerts
    │       │   │   └── localhost-9054-ca-orderer.pem
    │       │   ├── config.yaml
    │       │   ├── IssuerPublicKey
    │       │   ├── IssuerRevocationPublicKey
    │       │   ├── keystore
    │       │   │   └── d0e5d71caf9daa6fc195816c7060cb6494560f48150430167faf706ca67b94c4_sk
    │       │   ├── signcerts
    │       │   │   └── cert.pem
    │       │   ├── tlscacerts
    │       │   │   └── tlsca.example.com-cert.pem
    │       │   └── user
    │       └── tls
    │           ├── cacerts
    │           ├── ca.crt
    │           ├── IssuerPublicKey
    │           ├── IssuerRevocationPublicKey
    │           ├── keystore
    │           │   └── 3c64e71c7708ac217e30c89836d1484540b09b436ca08f2267a1ea35a89fd0f1_sk
    │           ├── server.crt
    │           ├── server.key
    │           ├── signcerts
    │           │   └── cert.pem
    │           ├── tlscacerts
    │           │   └── tls-localhost-9054-ca-orderer.pem
    │           └── user
    └── users
        └── Admin@example.com
            └── msp
                ├── cacerts
                │   └── localhost-9054-ca-orderer.pem
                ├── config.yaml
                ├── IssuerPublicKey
                ├── IssuerRevocationPublicKey
                ├── keystore
                │   └── 0b239b3e233b2095701525f63065e2d3b7b1a630cdc500551a501f2a80b8d82a_sk
                ├── signcerts
                │   └── cert.pem
                └── user
80 directories, 89 files