Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Understanding Various Certificates in Hyperledger fabric

Hello I am tryin to use hyperledger fabric for a block chain implementation. I did the first-network demo and found lot of certificates in it. I have tried arranging them hierarchically in below picture. enter image description here

I Have some questions related to them

  1. Why are all these different categories of certs required. Like different msp tls are they generated once and copied at different locations?
  2. How these different certificates will be used in different scenarios (like enrollment and communication.)
  3. If we dont use cryptogen then can some third party generate all these certificates.
  4. How can fabric-ca or any other third party CA help here.

TIA.

like image 588
Katiyman Avatar asked Sep 28 '17 09:09

Katiyman


People also ask

What is Certificate Authority in Hyperledger fabric?

Every operation in Hyperledger must be signed cryptographically with certificates. You can generate certificates yourself using OpenSSL or by using third party. Before moving further into details of CA lets first explore Hyperledger Fabric a little.

What is CRL certificate revocation list in fabric?

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

What is TLS in Hyperledger fabric?

Fabric supports for secure communication between nodes using TLS. TLS communication can use both one-way (server only) and two-way (server and client) authentication.

What is the difference between registration and enrollment in Hyperledger Fabric?

On Fabric, registration and enrollment are the same for X.509 Certificates and TLS Certificates. Hyperledger Fabric implements two types of certificates: 1) Enrollment Certificates for identities and 2) TLS Certificates for node and client communications.

What is Aha Hyperledger Fabric certification and how to get it?

A Hyperledger Fabric certification can help you prove your skills to the respected authorities. In an interview, you can showcase your certificate and claim that you are skilled on the said topic. As a result, you have a greater chance of landing the job than other participants.

How long does a Hyperledger Fabric CA client certificate last?

Client Certificates expire after one year, using the Hyperledger Fabric CA default settings. Client Certificates can be re-enrolled using either command line Hyperledger Fabric CA utilities or the Fabric CA client SDK.

What is CHFA certification Hyperledger?

Hyperledger partnered with The Linux Foundation to create blockchain professional certification programs. Certified Hyperledger Fabric Administrator The Certified Hyperledger Fabric Administrator (CHFA) will be able to to install, configure, operate, manage, and troubleshoot the nodes on a secure commercial Hyperledger Fabric network.


1 Answers

First of all thanks for creating the tree for the same.

I am a beginner in the hyperledger but what i understand from the hyperledger document that each Organization requires a unique root certificate (ca-cert), that binds specific components (peers and orderers) to that organization. Transactions and communications within Fabric are signed by an entity's private key (keystore), and then verified by means of a public key (signcerts).

As different organization also required to communicate or share their ledger so there is need of CA or MSP on organization level. Within each organization we can have multiple peers so we need certification for these peers too. Even peers from different organizations can join each other so signcerts(for authenticating) and TLScerts(for a secure handshake).

To have a look how these are generate i suggest you to Manually generate the artifacts

http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html

and see the different certs in the folders inside as you created them.

like image 152
kots Avatar answered Oct 12 '22 21:10

kots