Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Understanding Various Certificates in Hyperledger fabric

Tags:

ca

hyperledger-fabric

hyperledger

hyperledger-composer

Hello I am tryin to use hyperledger fabric for a block chain implementation. I did the first-network demo and found lot of certificates in it. I have tried arranging them hierarchically in below picture. enter image description here

I Have some questions related to them

  1. Why are all these different categories of certs required. Like different msp tls are they generated once and copied at different locations?
  2. How these different certificates will be used in different scenarios (like enrollment and communication.)
  3. If we dont use cryptogen then can some third party generate all these certificates.
  4. How can fabric-ca or any other third party CA help here.

TIA.

like image 588
Katiyman Avatar asked Sep 28 '17 09:09

Katiyman

People also ask

What is Certificate Authority in Hyperledger fabric?

Every operation in Hyperledger must be signed cryptographically with certificates. You can generate certificates yourself using OpenSSL or by using third party. Before moving further into details of CA lets first explore Hyperledger Fabric a little.

What is CRL certificate revocation list in fabric?

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

What is TLS in Hyperledger fabric?

Fabric supports for secure communication between nodes using TLS. TLS communication can use both one-way (server only) and two-way (server and client) authentication.

What is the difference between registration and enrollment in Hyperledger Fabric?

On Fabric, registration and enrollment are the same for X.509 Certificates and TLS Certificates. Hyperledger Fabric implements two types of certificates: 1) Enrollment Certificates for identities and 2) TLS Certificates for node and client communications.

What is Aha Hyperledger Fabric certification and how to get it?

A Hyperledger Fabric certification can help you prove your skills to the respected authorities. In an interview, you can showcase your certificate and claim that you are skilled on the said topic. As a result, you have a greater chance of landing the job than other participants.

How long does a Hyperledger Fabric CA client certificate last?

Client Certificates expire after one year, using the Hyperledger Fabric CA default settings. Client Certificates can be re-enrolled using either command line Hyperledger Fabric CA utilities or the Fabric CA client SDK.

What is CHFA certification Hyperledger?

Hyperledger partnered with The Linux Foundation to create blockchain professional certification programs. Certified Hyperledger Fabric Administrator The Certified Hyperledger Fabric Administrator (CHFA) will be able to to install, configure, operate, manage, and troubleshoot the nodes on a secure commercial Hyperledger Fabric network.

1 Answers

First of all thanks for creating the tree for the same.

I am a beginner in the hyperledger but what i understand from the hyperledger document that each Organization requires a unique root certificate (ca-cert), that binds specific components (peers and orderers) to that organization. Transactions and communications within Fabric are signed by an entity's private key (keystore), and then verified by means of a public key (signcerts).

As different organization also required to communicate or share their ledger so there is need of CA or MSP on organization level. Within each organization we can have multiple peers so we need certification for these peers too. Even peers from different organizations can join each other so signcerts(for authenticating) and TLScerts(for a secure handshake).

To have a look how these are generate i suggest you to Manually generate the artifacts

http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html

and see the different certs in the folders inside as you created them.

like image 152
kots Avatar answered Oct 12 '22 21:10

kots
Sign in to Comment

Related questions

Hyperledger Fabric scalability
Error: Cannot find module './api' (Hyperledger composer)
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? inside a Dockerfile
Hyperledger Fabric Difference between user's privileges
Hyperledger Fabric Composer - restricting access rights of system administrators
Hyperledger Fabric - Core.yaml
How do we enforce privacy while providing tracing of provenance using multiple channels in Hyperledger Fabric v1.0?
Hyperledger Fabric CLI docker container
panic: http: multiple registrations for /debug/requests
Error when try to instantiate chain-code on Hyperledger Fabric
What are reasons for the deprecation of Hyperledger Composer?
Hyperledger Fabric GOSSIP_BOOTSTRAP & GOSSIP_EXTERNALENDPOINTS
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
measuring Hyperledger Composer performance using Hyperledger Caliper
How to get all transaction history against a chaincode in Hyperledger fabric
What exactly are Channel in Hyperledger Fabric v1?
How can I set up hyperledger fabric with multiple hosts using Docker?
ERROR: manifest for hyperledger/fabric-orderer:latest not found
How do I resolve the error on hyperledger fabric?
How to add more orderer nodes to a running hyperledger fabric network

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!