From dada89c710c94680a9fb104f252ae1b7d7bfbf43 Mon Sep 17 00:00:00 2001 From: Dave Enyeart Date: Fri, 17 Mar 2023 09:08:03 -0400 Subject: [PATCH] Remove csr.hosts from msp enrollments (#1009) Flag --csr.hosts is only relevant for tls enrollments, it adds the SAN to the TLS cert. For msp enrollments, the cert is only used for identity, therefore there is no need for SAN and no need to pass --csr.hosts. Having --csr.hosts for msp enrollments is misleading, this commit removes it. Signed-off-by: David Enyeart --- .../scripts/generate-hsm-user.sh | 4 ++-- test-network/addOrg3/fabric-ca/registerEnroll.sh | 4 ++-- .../organizations/fabric-ca/registerEnroll.sh | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/hardware-security-module/scripts/generate-hsm-user.sh b/hardware-security-module/scripts/generate-hsm-user.sh index 46614c93..faeefe82 100755 --- a/hardware-security-module/scripts/generate-hsm-user.sh +++ b/hardware-security-module/scripts/generate-hsm-user.sh @@ -58,6 +58,6 @@ CAADMIN="admin" CAADMIN_PW="adminpw" HSMUSER=$1 -SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://$CAADMIN:$CAADMIN_PW@$CA_URL --mspdir "$CRYPTO_PATH"/$CAADMIN --csr.hosts example.com --tls.certfiles "${TLS_CERT}" +SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://$CAADMIN:$CAADMIN_PW@$CA_URL --mspdir "$CRYPTO_PATH"/$CAADMIN --tls.certfiles "${TLS_CERT}" ! SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client register -c $CLIENT_CONFIG --mspdir "$CRYPTO_PATH"/$CAADMIN --id.name "$HSMUSER" --id.secret "$HSMUSER" --id.type client --caname ca-org1 --id.maxenrollments 0 -m example.com -u https://$CA_URL --tls.certfiles "${TLS_CERT}" && echo user probably already registered, continuing -SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://"$HSMUSER":"$HSMUSER"@$CA_URL --mspdir "$CRYPTO_PATH"/"$HSMUSER" --csr.hosts example.com --tls.certfiles "${TLS_CERT}" \ No newline at end of file +SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://"$HSMUSER":"$HSMUSER"@$CA_URL --mspdir "$CRYPTO_PATH"/"$HSMUSER" --tls.certfiles "${TLS_CERT}" diff --git a/test-network/addOrg3/fabric-ca/registerEnroll.sh b/test-network/addOrg3/fabric-ca/registerEnroll.sh index 6d5b4652..0c43aaf5 100644 --- a/test-network/addOrg3/fabric-ca/registerEnroll.sh +++ b/test-network/addOrg3/fabric-ca/registerEnroll.sh @@ -47,12 +47,12 @@ function createOrg3 { infoln "Generating the peer0 msp" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M "${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp" --csr.hosts peer0.org3.example.com --tls.certfiles "${PWD}/fabric-ca/org3/tls-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M "${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp" --tls.certfiles "${PWD}/fabric-ca/org3/tls-cert.pem" { set +x; } 2>/dev/null cp "${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml" "${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml" - infoln "Generating the peer0-tls certificates" + infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M "${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/fabric-ca/org3/tls-cert.pem" { set +x; } 2>/dev/null diff --git a/test-network/organizations/fabric-ca/registerEnroll.sh b/test-network/organizations/fabric-ca/registerEnroll.sh index 181c270e..178db6cf 100755 --- a/test-network/organizations/fabric-ca/registerEnroll.sh +++ b/test-network/organizations/fabric-ca/registerEnroll.sh @@ -56,12 +56,12 @@ function createOrg1() { infoln "Generating the peer0 msp" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" { set +x; } 2>/dev/null cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml" - infoln "Generating the peer0-tls certificates" + infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" { set +x; } 2>/dev/null @@ -142,12 +142,12 @@ function createOrg2() { infoln "Generating the peer0 msp" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" { set +x; } 2>/dev/null cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml" - infoln "Generating the peer0-tls certificates" + infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" { set +x; } 2>/dev/null @@ -219,12 +219,12 @@ function createOrderer() { infoln "Generating the orderer msp" set -x - fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" + fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" { set +x; } 2>/dev/null cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml" - infoln "Generating the orderer-tls certificates" + infoln "Generating the orderer-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" { set +x; } 2>/dev/null