How to create the orderer and peer key and certificates using Hyperledger fabric

Question

I need to know about Hyperledger fabric and fabric CA

1. How to create the orderer and peer certificate and key pair using fabric-ca

2. How to query the affiliation and CA name using fabric, do we need to write chain code and query them, or can I query them without using chain code through fabric node js.

3. I see Domain in crypto-config file. Do I need run any domain service or need to buy some domain name. If I am using fabric ca is there anything equivalent to a cryoto-config domain?

4. Is it possible to update the member details once it's created? If it's possible, if I change the password of the member or affiliation of the member does the certificate will get reflect to?

Answer 1

1. By registering entities, enrolling both MSP and TLS profiles, and copying missing stuff between folders. Make your own scripts if you wish. https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#fabric-ca-client https://hyperledger-fabric-ca.readthedocs.io/en/latest/clientcli.html

2. https://fabric-sdk-node.github.io/release-1.4/FabricCAServices.html https://godoc.org/github.com/hyperledger/fabric-sdk-go/pkg/client/msp

3. That domain in crypto-config is used to compound peer and orderer domain/names, as you should have observed. As always, you can buy a domain, use docker internal name services or work directly with IP addresses if you wish. Everything works if you configure it correctly. Be careful that TLS certificates include the domain name or IP used in CN or SAN fields (--csr.hosts parameter in fabric-ca-client).

4. You can edit an identity, enroll the new certificates that reflect those changes and update your nodes with them whenever you want. Be careful that certificates inside admin folder define which certificates are recognised as admin (the admin role is per certificate, not per identity), so re-enrolling an admin certificate can be tiresome.