"cryptogen" Command - Generate Keys and Certificates

Q

How to run "cryptogen" command to generate private keys and public certificates to support organizations and users needed for BYFN (Build Your First Network)?

✍: FYIcenter.com

A

You can follow this tutorial to run "cryptogen" command to generate private keys and public certificates to support organizations and users needed for BYFN.

The "cryptogen" command file is located in the ../bin directory. It takes the crypto-config.yaml file as the input:

$ cd hyperledger-binaries/fabric-samples/first-network

$ ../bin/cryptogen generate --config=./crypto-config.yaml
org1.example.com
org2.example.com

Private keys and public certificates are generated in the ./crypto-config sub-directory:

$ ls -l ./crypto-config

drwxr-xr-x 3 fyicenter 4096 Apr  1 21:13 ordererOrganizations
drwxr-xr-x 4 fyicenter 4096 Apr  1 21:13 peerOrganizations

If you look at each sub-directory listed above, you will see:

./crypto-config
   ordererOrganizations
      example.com
         ca
            c2db251e..._sk
            ca.example.com-cert.pem
         msp
            admincerts
               Admin@example.com-cert.pem
            cacerts
               ca.example.com-cert.pem
            tlscacerts
               tlsca.example.com-cert.pem
         orderers
            orderer.example.com
               msp
                  admincerts
                     Admin@example.com-cert.pem
                  cacerts
                     ca.example.com-cert.pem
                  keystore
                     bb109a4c..._sk
                  signcerts
                     orderer.example.com-cert.pem
                  tlscacerts
                     tlsca.example.com-cert.pem
               tls
                  ca.crt
                  server.crt
                  server.key
         tlsca
            98ee0920..._sk
            tlsca.example.com-cert.pem
         users
            Admin@example.com
               msp
                  admincerts
                     ...
                  cacerts
                     ...
                  keystore
                     ...
                  signcerts
                     ...
                  tlscacerts
                     ...
               tls
                  ca.crt
                  client.crt
                  client.key
   peerOrganizations
      org1.example.com/
         ca
            ...
         msp
            ...
         peers
            ...
         tlsca
            ...
         users
            ...
      org2.example.com/
         ca
            ...
         msp
            ...
         peers
            ...
         tlsca
            ...
         users
            ...

As you can see, we got enough private keys and certificates for orders and peers to run TLS secured communications, for orders and peers to identify themselves, and administrators and users to access the network remotely.

 

BYFN Root CA Certificates

BYFN crypto-config.yaml Configuration File

Hyperledger Fabric Sample Networks

⇑⇑ Hyperledger Tutorials

2019-05-04, 303👍, 0💬