Reputation: 37
Hyperledger Fabric Caliper is not using Certificate Authority (CA) server to submit transaction
In Hperledger caliper for benchmarking of fabric network, I have provided the connection profile with detail of CA. The transaction is successfully submitted to the network which is in the remote machine. I have checked the logs on peers, orderers, and CA. Only CA didn't have a log of requests to the CA server. In my assumption, while submitting the transaction using fabric gateway the invoker identity must be verified by the CA. But this is not happing as a result of my configuration.
In which case CA server does not need to be enabled while submitting the transactions?
Edit: The question is edited to make the question specific to the involvement of CA while submitting the secure transaction on TLS enabled system.
Thank you!
Upvotes: 1
Views: 151
Answers (1)
Reputation: 2576
It seems necessary to study the PKI and certificate(X.509) structure. Fabric-CA acts as an organization's CA and manages the identifiers of the each organization's member(orderer, peer, client...).
The authentication/authorization process for an identifier can be performed based on a certificate issued to a CA, but it does not need to be associated with a CA during the process.
In other words, during the P2P verification process, the CA is independent.
Taking the legacy system as an example, Facebook has issued a certificate from digicert, and the browser can verify the identifier through that certificate. (For Root CA verification, it is provided whitelisted at your browser or OS level level.)
It's like asking why you don't use digicert (Fabric-CA) when you say you do a transaction throughput benchmark for Facebook (peer/orderer).
Fabric-CA does not have a ledger and is not support for reading or storing transactions in the blockchain. it is just CA in Fabric Network, independent of the transaction processing benchmark.
- If authentication/authorization for a resource has to be performed in the form of a live stream to a CA, it will have dependencies and cause big problems
(e.g. ifdigicert's system is paralyzed,Facebookwill be paralyzed too)
in process, Fabric-CA issues an identifier on the network at the bootstrap stage before performing the benchmark, rather than verifying in the transaction processing process (if it has been created in advance through cryptogen, issuance. It can be seen as being.)
Upvotes: 0
Related Questions
- fabric-ca request register failed with errors [[ { code: 71, message: 'Authorization failure' } ]]
- fabric-ca-client enroll with error: post http:/localhost:7054/enroll x509: certificate is valid for someip not localhost
- fabric-ca request register failed | fabric-samples release-1.4 | balance-transfer network
- fabric-ca-client enroll with error Failed to read response of request: POST http://localhost:7054
- Run intermediate CA with TLS enabled: connection to root CA refused
- Hyperlegder Fabric: CA certificate does not have CA attribute even though it does
- Hyperledger Fabric CA Authorization failure
- Hyperledger fabric: fabric-ca request register failed with errors [[{"code":20,"message":"Authorization failure"}]]
- Error while Initializating Fabric-CA server
- Fabric-Ca server setup issue