feknall / Hyperledger-FL


Figure out how to connect fabric-ca and fabric #9

Closed feknall closed 7 months ago

feknall commented 2 years ago

Fabric uses MSP (Membership Service Provider). MSP needs some certificates for the authentication of users. Therefore, users must get some kind of certificate for communication with Fabric. In return, MSP should validate their certificates. As a result, there must be a way of connecting Fabric MSP with CAs. Figure out how this process should happen.

feknall commented 2 years ago

It seems that there isn't any kind of communication between Fabric and Fabric-CA. They use a simple approach. The general idea is to put the private key of CA inside MSP (Or put the private key of MSP in CA!?).

In any case, I was thinking that when a node wants to verify one certificate, it will contact that CA to make sure it is valid. But it is incorrect.

feknall commented 2 years ago

CAs can use OpenSSL or Cryptogen to create valid certificates that Fabric MSP accepts. For now, my focus is on using Fabric CA, because it seems ready to use without any implementation requirements.

feknall commented 2 years ago

According to this tutorial, my current understanding is correct.

For example:

Once the certificate issuance is complete and fabric network setup is done, these CAs are not required in daily operation. They are not participating in joining channels, deploying chaincode, invoking chaincode functions, etc. They are needed only when new components (add one more orderer or one more peer) or new users (add more client applications) are joining the setup and new certificates are generated.
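
What the quoted passage describes, as an added example (not code from this issue thread or from the Hyperledger-FL project): once a certificate has been issued, it can be checked offline against the CA's certificate alone, with the CA no longer able to sign. It uses plain OpenSSL with ECDSA P-256 and ordinary X.509 chain validation, not Fabric's MSP code; the names `org1-ca`, `other-ca`, `user1`, `user2` and the directory layout are made up.

```shell
#!/usr/bin/env bash
# Constructed demo: org names, CNs and file names are made up for illustration.
set -eu

make_ca() {  # $1 = directory, $2 = CA common name; writes ca.key and ca.pem
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = example
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key"
  openssl req -x509 -new -key "$1/ca.key" -config "$1/ca.cnf" \
    -sha256 -days 365 -out "$1/ca.pem"
}

issue_cert() {  # $1 = CA directory, $2 = subject CN; writes $1/$2.pem
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
  openssl req -new -key "$1/$2.key" -config "$1/ca.cnf" \
    -subj "/O=example/CN=$2" -out "$1/$2.csr"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -set_serial 1 -sha256 -days 30 -out "$1/$2.pem" 2>/dev/null
}

# Offline check: needs only the CA certificate, no CA key and no network call.
verify_against() {  # $1 = trusted CA cert, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d); mkdir "$d/org1" "$d/other"
  make_ca "$d/org1" org1-ca;   issue_cert "$d/org1" user1
  make_ca "$d/other" other-ca; issue_cert "$d/other" user2
  rm "$d/org1/ca.key"   # issuance is done; this CA can no longer sign
  if verify_against "$d/org1/ca.pem" "$d/org1/user1.pem"; then echo "user1: accepted"; fi
  if ! verify_against "$d/org1/ca.pem" "$d/other/user2.pem"; then echo "user2: rejected"; fi
  rm -rf "$d"
}
demo
```

The second check shows the other half of the trust decision: a certificate signed by a CA whose certificate is not in the trusted set is rejected, even though it is well-formed.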

feknall commented 2 years ago

The official guide of fabric-ca does not describe how to install fabric-ca-client and fabric-ca-server. In summary, you should go to the fabric-ca repository, download the binary files, and put them in a location where bash can find them as executables.