1. Enroll a new user:
fabric-ca-client enroll --id.name admin2 -u https://tongli:tonglipw@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
Note that the PEM file given at the end (--tls.certfiles) has to be the CA certificate.
2. Once a user is enrolled, the admin can register the user, which will provide a password for the user:
fabric-ca-client register --id.name admin2 --id.attrs 'hf.Revoker=true,admin=true:ecert' -u https://tongli:tonglipw@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
3. You can also add an affiliation by doing the following:
a) Enroll a new user:
fabric-ca-client enroll --id.name admin -u https://tongli:tonglipw@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
b) Register the new user:
fabric-ca-client register --id.name admin --id.attrs 'hf.Revoker=true,admin=true:ecert' -u https://tongli:tonglipw@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
c) Now add the new affiliation:
fabric-ca-client affiliation add org1 -u https://admin:qxuPwzKYVFAn@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
d) A nested affiliation just needs dots between the levels, for example:
fabric-ca-client affiliation add org1.department1.department1 -u https://admin:qxuPwzKYVFAn@u1804:7054 --tls.certfiles $(pwd)/cakeys/ca.org1-cert.pem
One can enroll many IDs; the difference between user, peer, and orderer is how these IDs get registered. When registering an ID, you need to specify a type, for example:
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client register --id.name client1 --id.type client \
--id.affiliation bu1.department1.Team1
The created user's signcerts file should be named <id>@<org name>-cert.pem.
Otherwise, gosdk cannot find the certificate and access will fail.
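One way to produce that file name after enrolling, as an added example that is not part of the original post. The function name name_signcert is hypothetical, and it assumes the MSP directory has a signcerts/ subdirectory holding a single enrollment certificate (fabric-ca-client enroll writes signcerts/cert.pem by default).

```shell
#!/bin/sh
# Added example: give an enrolled identity's signing cert the
# <id>@<org name>-cert.pem name the SDK lookup described above expects.
# Assumption: <msp_dir>/signcerts holds exactly one enrollment certificate
# (fabric-ca-client enroll writes signcerts/cert.pem by default).

name_signcert() {
    msp_dir=$1; id=$2; org=$3
    if [ -z "$msp_dir" ] || [ -z "$id" ] || [ -z "$org" ]; then
        echo "usage: name_signcert <msp_dir> <id> <org name>" >&2
        return 2
    fi
    # The id and org become part of a file name: refuse path separators.
    case "$id$org" in
        */*) echo "id and org name must not contain '/'" >&2; return 2 ;;
    esac
    signcerts="$msp_dir/signcerts"
    [ -d "$signcerts" ] || { echo "no signcerts dir in $msp_dir" >&2; return 1; }
    target="$signcerts/${id}@${org}-cert.pem"
    # Already named correctly: nothing to do (safe to re-run).
    if [ -f "$target" ]; then printf '%s\n' "$target"; return 0; fi
    # Require exactly one candidate so the wrong cert is never picked silently.
    count=0
    for f in "$signcerts"/*.pem; do
        [ -f "$f" ] || continue
        count=$((count + 1)); src=$f
    done
    [ "$count" -eq 1 ] || { echo "expected 1 cert in $signcerts, found $count" >&2; return 1; }
    # Sanity check that the file is a PEM certificate, not a key or junk.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$src" || {
        echo "$src is not a PEM certificate" >&2; return 1; }
    cp -p "$src" "$target" && printf '%s\n' "$target"
}

# Usage (hypothetical paths): name_signcert "$FABRIC_CA_CLIENT_HOME/msp" admin2 org1
```

The function copies rather than moves the certificate, so the original file written by fabric-ca-client stays in place.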