Reputation: 984
How can I replicate the following command using the Fabric Node SDK?
fabric-ca-client enroll -d -u https://peer1-org2:[email protected]:7052 --enrollment.profile tls --csr.hosts peer1-org2
Below is what I am doing, but the CA gives me the normal enrollment certificates, not the TLS ones. When I use fabric-ca-client for the TLS certificates, it gives me the TLS certificates and my network runs successfully, but when I use the Fabric Node client for the same, it gives me a TLS handshake error. I know I have to pass csr.hosts peer1-org2, but the csr param in the request below requires a CSR generated by openssl, which I don't want to use; I want to rely on the default functionality of the Fabric Node SDK, which generates it by itself.
let enrollment = await ca.enroll({ enrollmentID: ordererName, enrollmentSecret: admnSecret, profile: `tls` });
Upvotes: 0
Views: 464
Reputation: 4133
@Arun
The command you mentioned is correct for TLS:
let enrollment = await ca.enroll({ enrollmentID: ordererName, enrollmentSecret: admnSecret, profile: `tls` });
Understanding the TLS profile:
When a CA signs a particular identity, it needs some details, such as what you are trying to do with the newly generated identity. You need to provide these details, and the CA will internally use these instructions and make them available in the new identity in the form of extensions.
How to verify TLS?
Parse the certificate using an online tool and you should see the information below under the Extensions section; then you can use this certificate and private key for TLS.
TLS Web Server Authentication, TLS Web Client Authentication
keyUsage
Digital Signature, Key Encipherment
extendedKeyUsage
TLS Web Server Authentication, TLS Web Client Authentication
basicConstraints
CA:FALSE
authorityKeyIdentifier
keyid:10:FC:A9:5A:4D:91:7A:5A:58:4E:BC:5A:8F:86:24:DD:B9:54:D3:F2:24:B1:9E:08:75:EC:7E:46:08:8D:28:3B
subjectAltName
DNS:peer0.hype, DNS:peer0, DNS:localhost, DNS:hype-peer0-hype, DNS:hype-peer1-hype
Upvotes: 1
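An offline version of the check described in the answer above, added here as an example and not part of the original answer: it inspects the same extensions with Node's built-in X.509 parser instead of an online tool. The function names and sample objects are hypothetical, and the samples are constructed, not real certificates.

```javascript
// OIDs of the extended key usages the answer lists (Node reports them as OIDs).
const EKU = {
  serverAuth: '1.3.6.1.5.5.7.3.1', // TLS Web Server Authentication
  clientAuth: '1.3.6.1.5.5.7.3.2', // TLS Web Client Authentication
};

// Extract DNS names from a subjectAltName string such as "DNS:peer0, DNS:localhost".
function dnsNames(subjectAltName) {
  return (subjectAltName || '')
    .split(',')
    .map((entry) => entry.trim())
    .filter((entry) => entry.startsWith('DNS:'))
    .map((entry) => entry.slice(4).toLowerCase());
}

// cert: any object shaped like crypto.X509Certificate ({ keyUsage, subjectAltName, ca }).
// Returns the list of problems; an empty list means the certificate fits TLS use as `host`.
// Exact-name match only; wildcard SAN entries are not expanded.
function tlsProfileProblems(cert, host) {
  const problems = [];
  const eku = cert.keyUsage || []; // undefined when the extension is absent
  for (const [name, oid] of Object.entries(EKU)) {
    if (!eku.includes(oid)) problems.push(`extendedKeyUsage lacks ${name}`);
  }
  if (cert.ca) problems.push('basicConstraints is CA:TRUE');
  if (!dnsNames(cert.subjectAltName).includes(host.toLowerCase())) {
    problems.push(`subjectAltName lacks DNS:${host}`);
  }
  return problems;
}

// Wrapper for a PEM certificate string (Node.js 15.6 or later).
function tlsProfileProblemsFromPem(pem, host) {
  const { X509Certificate } = require('node:crypto');
  return tlsProfileProblems(new X509Certificate(pem), host);
}

// Constructed samples (not real certificates): one with the extensions from the
// answer, one lacking both extensions.
const SAMPLE_TLS = {
  keyUsage: [EKU.serverAuth, EKU.clientAuth],
  subjectAltName: 'DNS:peer0.hype, DNS:peer0, DNS:localhost',
  ca: false,
};
const SAMPLE_NO_EXT = { keyUsage: undefined, subjectAltName: undefined, ca: false };

console.log(tlsProfileProblems(SAMPLE_TLS, 'peer0')); // []
console.log(tlsProfileProblems(SAMPLE_NO_EXT, 'peer1-org2'));
```

A certificate that reports `subjectAltName lacks DNS:<host>` for the name the peer is dialed by will fail hostname verification during the TLS handshake even if the key usages are correct.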