Hyperledger Fabric – Part 3
September 13, 2018
Author: Akarsh Agarwal
This article covers the steps needed to set up your own CA Server and register/enroll new users into your database. The server provides the public/private key pair as a response to enrolling the user into the database. If you need help configuring the requirements to download Hyperledger, check out the first article in this three-part tutorial series to learn Hyperledger. If you need help setting up your Hyperledger server, check out the second article in this series.
Now that we have our server set up, we want to enroll existing clients and register new ones in the database. Let’s move on to it.
Just as we built the fabric-ca-server command in the Fabric-CA directory, we need to do the same for fabric-ca-client to get the client-side commands. Use the following command in the root directory of your cloned fabric-ca project:
You should see output similar to the one below, and a new executable in the bin directory of fabric-ca.
For this part of the tutorial, we use the FABRIC_CA_CLIENT_HOME variable. Please add the following lines to the end of your .bashrc file and reload the file. The lines are:
You can set the variable to any directory you like. For the rest of the tutorial, we assume that you have already set your FABRIC_CA_CLIENT_HOME variable.
To check whether your fabric-ca-client is accessible, just type:
And you should see a similar output:
From our server configuration, we know that an admin user has been registered in the database since the server started. So we will use those credentials to enroll the admin user first and retrieve the public/private key pair, which lets us register new users afterwards.
We use the following command:
fabric-ca-client enroll -u "https://admin:adminpw@localhost:7054"
Here “admin:adminpw” is a “username:password” pair that we send to localhost:7054, the default server URL and port our server listens on. If everything goes well, you should see the following output:
Now that we have successfully enrolled the admin user, we have the cert.pem (public key) and key.pem (private key) of the user. Also, because this was the first time we used the client, we now have the config file, fabric-ca-client-config.yaml, in the directory mentioned in the output.
Let us discuss some important fields in the fabric-ca-client-config.yaml file:
- The “URL” field defines the default URL used to connect to the server. It can be overridden with the “-u” flag of the fabric-ca-client command.
- The “TLS” section defines the TLS configuration required for a secure connection to the server, which ensures privacy over the internet. But as we were using localhost on the same system, there was no need for TLS, so it was disabled by default.
- The “CSR” field is the “Certificate Signing Request”, which is sent to the server so that it signs the certificate with the provided details only. Some default values are provided, but they can be edited as needed.
- The “Id” section defines the details of a new user we want to register. This section removes the need to provide the command line arguments shown later in the tutorial. We use the command line to avoid errors in the config file.
- The “Enrollment” section, as defined in the config file, is used to enroll any user with the appropriate details stored in the server DB.
Now, we have to create a new user and register it. For that, we need to use the following command:
fabric-ca-client register -u "https://localhost:7054" --id.name "mlgblockchain" --id.secret "mlg" --id.type "client" --id.affiliation "org1.department1"
When you run this command, you should see the following output upon successful execution:
Now, we have registered our new user “mlgblockchain”, with the following values:
- --id.name – The name of the user.
- --id.secret – The password the user enrolls with.
- --id.affiliation – The organization and department the user is affiliated with. Mainly used to segregate user permissions.
- --id.type – The type of the user. We are using “client”, but a user can be peer, validator, auditor, ca, etc.
Now that we have registered our new user, we need to enroll with the server to get the public/private keys for the user “mlgblockchain”.
So we use the following command:
fabric-ca-client enroll -u "https://mlgblockchain:mlg@localhost:7054"
If all goes well, you should see the following output:
Upon successful enrollment of the user, you will receive the keys in the directory mentioned in the output.
Congrats! You are now able to set up your own CA Server for the enrollment and signing of new users required for your application.
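Both the enroll and register commands above put the enrollment secret on the command line (in the -u URL or in --id.secret), so it ends up in shell history and is visible in process listings. The Python script below is an added example, not part of the original tutorial or of the Fabric CA project: it scans history lines for those two patterns and returns them redacted. The sample lines are constructed, and ca.example.com is a made-up host.

```python
import shlex
from urllib.parse import urlsplit, urlunsplit

# Constructed history lines modelled on this tutorial; line 3 is made up.
SAMPLE_HISTORY = [
    'fabric-ca-client enroll -u "https://admin:adminpw@localhost:7054"',
    'fabric-ca-client register -u "https://localhost:7054" --id.name "mlgblockchain"'
    ' --id.secret "mlg" --id.type "client" --id.affiliation "org1.department1"',
    "fabric-ca-client enroll -u http://mlgblockchain:mlg@ca.example.com:7054",
    "ls -l $FABRIC_CA_CLIENT_HOME",
]
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_command(line):
    """Return (redacted_line, findings) for one shell command line."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: leave the line untouched
        return line, []
    if not tokens or tokens[0].rsplit("/", 1)[-1] != "fabric-ca-client":
        return line, []
    args = []  # normalise "--flag=value" into two tokens
    for tok in tokens[1:]:
        args += tok.split("=", 1) if tok.startswith("--") and "=" in tok else [tok]
    findings, out, prev = [], [tokens[0]], None
    for tok in args:
        if prev in ("-u", "--url"):
            url = urlsplit(tok)
            if url.scheme == "http" and url.hostname not in LOCAL_HOSTS:
                findings.append("plain HTTP to a non-local CA")
            if url.password is not None:
                findings.append("enrollment secret embedded in URL")
                host = url.netloc.rpartition("@")[2]  # keeps port and [v6]
                tok = urlunsplit(url._replace(netloc=f"{url.username}:REDACTED@{host}"))
        elif prev == "--id.secret":
            findings.append("enrollment secret passed as --id.secret")
            tok = "REDACTED"
        out.append(tok)
        prev = tok
    return shlex.join(out), findings

def audit_history(lines):
    """Return (line_number, redacted_line, findings) for every flagged line."""
    results = [(n, *audit_command(line)) for n, line in enumerate(lines, 1)]
    return [r for r in results if r[2]]

if __name__ == "__main__":
    for n, redacted, findings in audit_history(SAMPLE_HISTORY):
        print(f"{n}: {redacted}  <- {'; '.join(findings)}")
```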