Hyperledger Fabric:fabric-ca-client使用的默认enrollment.profile是什么?

时间:2018-12-06 18:58:48

标签: hyperledger-fabric

Fabric-ca-client页未提及fabric-ca-client使用的默认enrollment.profile是什么。 

$ fabric-ca-client enroll --help
Enroll identity with Fabric CA server

Usage:
  fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort [flags]

Global Flags:
      --caname string                  Name of CA
      --csr.cn string                  The common name field of the certificate signing request
      --csr.hosts stringSlice          A list of space-separated host names in a certificate signing request
      --csr.keyrequest.algo string     Specify key algorithm
      --csr.keyrequest.size int        Specify key size
      --csr.names stringSlice          A list of comma-separated CSR names of the form <name>=<value> (e.g. C=CA,O=Org1)
      --csr.serialnumber string        The serial number in a certificate signing request
  -d, --debug                          Enable debug level logging
      --enrollment.attrs stringSlice   A list of comma-separated attribute requests of the form <name>[:opt] (e.g. foo,bar:opt)
      --enrollment.label string        Label to use in HSM operations
      --enrollment.profile string      Name of the signing profile to use in issuing the certificate
      --enrollment.type string         The type of enrollment request: 'x509' or 'idemix' (default "x509")
  -H, --home string                    Client's home directory (default "/Users/sjain68/.fabric-ca-client")
      --id.affiliation string          The identity's affiliation
      --id.attrs stringSlice           A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
      --id.maxenrollments int          The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
      --id.name string                 Unique name of the identity
      --id.secret string               The enrollment secret for the identity being registered
      --id.type string                 Type of identity being registered (e.g. 'peer, app, user') (default "client")
  -M, --mspdir string                  Membership Service Provider directory (default "msp")
  -m, --myhost string                  Hostname to include in the certificate signing request during enrollment (default "WITSC02X6385JGH")
  -a, --revoke.aki string              AKI (Authority Key Identifier) of the certificate to be revoked
  -e, --revoke.name string             Identity whose certificates should be revoked
  -r, --revoke.reason string           Reason for revocation
  -s, --revoke.serial string           Serial number of the certificate to be revoked
      --tls.certfiles stringSlice      A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
      --tls.client.certfile string     PEM-encoded certificate file when mutual authenticate is enabled
      --tls.client.keyfile string      PEM-encoded key file when mutual authentication is enabled
  -u, --url string                     URL of fabric-ca-server (default "http://localhost:7054")

我们想知道:

  • fabric-ca-client使用的默认enrollment.profile是什么?
  • 这有什么关系?

1 个答案:

答案 0 :(得分:0)

默认情况下,Fabric CA有3个配置文件:

signing:
    default:
      usage:
        - digital signature
      expiry: 8760h
    profiles:
      ca:
         usage:
           - cert sign
           - crl sign
         expiry: 43800h
         caconstraint:
           isca: true
           maxpathlen: 0
      tls:
         usage:
            - signing
            - key encipherment
            - server auth
            - client auth
            - key agreement
         expiry: 8760h

它们之间的区别是密钥用法和扩展密钥用法。默认配置文件(用于注册)为数字签名颁发证书。

ca配置文件用于根证书(允许您签署证书)。

tls配置文件用于TLS ...请注意,它不包含数字签名作为用途

相关问题
最新问题