Second Admin Enroll to Create Wallet

Q

How can the second admin create his/her own certificate and save it in a wallet?

✍: FYIcenter.com

A

You need to give the second admin the identity name "admin2" and its password "WSATRHlgxxnk", so that he/she can create his/her own certificate and save it in a wallet.

1. Pass the identity name "admin2" and the password "WSATRHlgxxnk" to Amy.

2. Amy installs Fabric CA Client and runs the "fabric-ca-client enroll" command:

$ export FABRIC_CA_CLIENT_HOME=~/fabric-ca/native-client/amy
$ cd ~/fabric-ca/native-client/amy

$ ~/go/bin/fabric-ca-client enroll -u http://admin2:WSATRHlgxxnk@localhost:7054
[INFO] Created a default configuration file at ./fabric-ca-client-config.yaml
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 497183575063526499977106891241978927849496353524
[INFO] 127.0.0.1:54492 POST /enroll 201 0 "OK"
[INFO] Stored client certificate at ./msp/signcerts/cert.pem
[INFO] Stored root CA certificate at ./msp/cacerts/localhost-7054.pem
[INFO] Stored Issuer public key at ./msp/IssuerPublicKey
[INFO] Stored Issuer revocation public key at ./msp/IssuerRevocationPublicKey

3. Amy checks her certificate:

$ ~/go/bin/fabric-ca-client certificate list

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22673016... (0x27b6eea6...)
    Signature Algorithm: ECDSA-SHA256
        Issuer: C=US,ST=North Carolina,O=Hyperledger,OU=Fabric,CN=fabric-ca-server
        Subject: C=US,ST=North Carolina,O=Hyperledger,OU=client,OU=org1,\
            OU=department1,CN=admin2
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    69:98:1b:b0:c5:0f:ba:71:88:e3:95:1a:d6:10:d4:
                    69:b6:9d:2b:d4:e6:78:dc:49:ac:2b:46:4e:55:50:
                    a1:1b
                Y:
                    db:fa:4e:37:d2:a3:fb:cf:dc:fc:de:01:df:28:e4:
                    72:23:b5:ef:da:b7:9b:36:c7:dc:ea:d5:49:96:2d:
                    dc:83
                Curve: P-256
...

4. Amy tries to list all identities:

$ ~/go/bin/fabric-ca-client identity list
[INFO] 127.0.0.1:55850 GET /identities 403 42 "'admin2' is not a registrar"
Error: &{Code:71 Message:Authorization failure}

As you can see, Amy, as "admin2", got her certificate in her wallet. But her identity does not have permission to list all identities, because "admin2" is not a registrar.
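
A check Amy could run on her wallet after step 2, as an added example that is not part of the original tutorial: it confirms the certificate's CN, that the keystore holds the private key matching the certificate, and that the key file is readable by its owner only. It assumes the openssl command is installed and that the client saved the private key under msp/keystore, a path the output above does not show; check_wallet is a name made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check a Fabric CA client wallet (MSP directory).
# Usage: check_wallet <msp_dir> <expected_CN>; returns 0 only if all checks pass.
# Assumption: the private key sits in <msp_dir>/keystore (not shown on the page).
check_wallet() {
    msp=$1; want_cn=$2; rc=0
    cert="$msp/signcerts/cert.pem"
    if [ ! -f "$cert" ]; then
        echo "FAIL: no certificate at $cert"; return 1
    fi

    # 1. The subject CN must be the identity that was supposed to enroll.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" = "$want_cn" ]; then
        echo "ok:   certificate CN is $cn"
    else
        echo "FAIL: certificate CN is '$cn', expected '$want_cn'"; rc=1
    fi

    # 2. Exactly one keystore file must hold the key matching the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    matched=0
    for key in "$msp"/keystore/*; do
        [ -f "$key" ] || continue
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || continue
        [ "$key_pub" = "$cert_pub" ] || continue
        matched=$((matched + 1))
        # 3. That key must not be accessible to group or others.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" = "------" ]; then
            echo "ok:   $key is owner-only"
        else
            echo "FAIL: $key is accessible to group/others"; rc=1
        fi
    done
    if [ "$matched" -ne 1 ]; then
        echo "FAIL: $matched keystore keys match the certificate, expected 1"; rc=1
    fi
    return $rc
}

# Run against a wallet when called as: sh check_wallet.sh <msp_dir> <CN>
if [ "$#" -eq 2 ]; then
    check_wallet "$1" "$2"
fi
```

For the wallet created above, Amy would call it as: check_wallet "$FABRIC_CA_CLIENT_HOME/msp" admin2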

 

2019-09-16