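I am unable to get a Fabric certificate that permits TLS Web Client Authentication for a Fabric "user" type identity.
During the enrollment process for a user identity, a CSR is passed in and a signed Fabric certificate is returned. In this process, I need the user identity certificate to have the X.509 attribute:
X509v3 Extended Key Usage: TLS Web Client Authentication
This will allow the certificate to be used to authenticate with mutual TLS against another Fabric-signed server. The question is, how do I convince Fabric to add this attribute?
Currently, the user is registered and enrolled using API calls to fabric-ca-client.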
    // Register the new identity with the Fabric CA server.
    registerRequestJson, err := json.Marshal(FabricCARegisterRequest{
        Id:             newFabricUserId,
        Type:           "user",
        Secret:         registerSecret.String(),
        MaxEnrollments: 1,
    })
    regRequest, err := http.NewRequest("POST",
        fmt.Sprintf("https://%s%s", os.Getenv(FABRIC_CA_SERVER_ADDR), FABRIC_CA_SERVER_API_REGISTER_PATH),
        bytes.NewBuffer(registerRequestJson))

    // Enroll the identity: send the CSR, authenticating with the enrollment ID and secret.
    enrollRequestJson, err := json.Marshal(FabricCAEnrollRequest{
        Request: csr,
    })
    enrollRequest, err := http.NewRequest("POST",
        fmt.Sprintf("https://%s:%s@%s%s", newFabricUserId, registerSecret.String(), os.Getenv(FABRIC_CA_SERVER_ADDR), FABRIC_CA_SERVER_API_ENROLL_PATH),
        bytes.NewBuffer(enrollRequestJson))
An example resulting certificate (signed by Fabric) is:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                66:ad:8a:4d:b2:0f:c3:4a:89:3e:50:2f:09:08:8a:2b:0e:05:d7:cc
            Signature Algorithm: ecdsa-with-SHA256
            Issuer: C=US, ST=California, L=San Francisco, O=omitted, CN=ca.omitted
            Validity
                Not Before: Jul 10 18:35:00 2018 GMT
                Not After : Jul 10 18:35:00 2019 GMT
            Subject: CN=abe7d015-fe68-4265-8612-3b038f94360e
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (4096 bit)
                    Modulus:
                        omitted
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Certificate Sign
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Subject Key Identifier:
                    omitted
                X509v3 Authority Key Identifier:
                    omitted
        Signature Algorithm: ecdsa-with-SHA256
            omitted
Any help would be greatly appreciated!
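
As an added example that is not part of the original post, the following Go check reports whether an enrolled certificate carries the usages needed for mutual-TLS client authentication, so the result of an enrollment can be verified in code instead of by reading the text dump. The names `clientAuthIssues` and `sampleCert` are hypothetical, and the certificate is a constructed self-signed one that copies only the usages shown in the dump above.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// clientAuthIssues lists reasons a strict TLS peer may reject cert for client authentication.
func clientAuthIssues(cert *x509.Certificate) (issues []string) {
	hasEKU := false
	for _, u := range cert.ExtKeyUsage {
		hasEKU = hasEKU || u == x509.ExtKeyUsageClientAuth || u == x509.ExtKeyUsageAny
	}
	if !hasEKU {
		issues = append(issues, "no Extended Key Usage: TLS Web Client Authentication")
	}
	if cert.KeyUsage != 0 && cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		// A present Key Usage extension must allow digitalSignature to sign the TLS handshake.
		issues = append(issues, "Key Usage lacks Digital Signature")
	}
	return issues
}

// sampleCert returns a constructed, self-signed test certificate carrying the given usages.
func sampleCert(ku x509.KeyUsage, eku []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-user"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku, ExtKeyUsage: eku, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := sampleCert(x509.KeyUsageCertSign, nil) // usages as in the question's certificate
	if err != nil {
		panic(err)
	}
	fmt.Println(clientAuthIssues(cert))
}
```

To check a real enrollment result, decode the returned PEM with `pem.Decode`, parse it with `x509.ParseCertificate`, and pass the result to `clientAuthIssues`.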