Instructions on TLS enabled external chaincode server

1. Add instructions to generate a chaincode server TLS
parameters.
2. Add instructions on different parameters that peer node
expects and the chaincode expects.
3. Add instructions on steps to be followed in asset-transfer
-basic to work with iTLS enabled exteral chaincode.

Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com>

asset-transfer-basic/chaincode-external/README.md

@@ -172,3 +172,65 @@ node app.js
 ```
 
 If all goes well, the program should run exactly the same as described in the "Writing Your First Application" tutorial.
+
+## Enabling TLS for chaincode and peer communication
+
+**Note:** This section uses an example of self-signed certificate. You may use your organization hosted CA to issue the certificate and generate a key for production deployment.
+
+In the sample so far, you connected both peers in `test-network` to the single instance of chaincode server. However, if you would like to enable TLS between the peer nodes and the chaincode server, each peer node needs to have its own CA certificate. Enabling TLS is made possible at runtime in the chaincode.
+
+- As a first step generate a keypair that can be used. Run these commands from the `fabric-samples/asset-transfer-basic/chaincode-external` directory.
+
+*Find instructions to install `openssl` in [openssl.org](https://www.openssl.org/)*
+
+For `org1.example.com`
+
+```
+openssl req -nodes -x509 -newkey rsa:4096 -keyout crypto/key1.pem -out crypto/cert1.pem -subj "/C=IN/ST=KA/L=Bangalore/O=example Inc/OU=Developer/CN=asset-transfer-basic.org1.example.com/emailAddress=dev@asset-transfer-basic.org1.example.com"
+```
+
+For `org2.example.com`
+
+```
+openssl req -nodes -x509 -newkey rsa:4096 -keyout crypto/key2.pem -out crypto/cert2.pem -subj "/C=IN/ST=KA/L=Bangalore/O=example Inc/OU=Developer/CN=asset-transfer-basic.org2.example.com/emailAddress=dev@asset-transfer-basic.org2.example.com"
+```
+
+- Copy the CA file contents for both `org1.example.com` & `org2.example.com`
+
+```
+cp ../../test-network/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem crypto/rootcert1.pem
+cp ../../test-network/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem crypto/rootcert2.pem
+```
+
+- Generate a client key and cert for auth purpose. You need a key and cert generated from the CA of each organization. Peer nodes act as clients to chaincode server.
+
+- Change the `connection.json` with the below contents. The `root_cert` parameter is the root CA certificate which the chaincode server is run with. You may run the below commands to get the certificate file contents as strings and copy them when needed.
+
+```
+awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto/cert1.pem
+awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto/cert2.pem
+```
+
+Similarly, replace the `client_key` and the `client_cert` contents with the values from the previous step.
+
+```
+{
+  "address": "asset-transfer-basic.org1.example.com:9999",
+  "dial_timeout": "10s",
+  "tls_required": true,
+  "client_auth_required": true,
+  "client_key": "-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----",
+  "client_cert": "-----BEGIN CERTIFICATE---- ... -----END CERTIFICATE-----",
+  "root_cert": "-----BEGIN CERTIFICATE---- ... -----END CERTIFICATE-----"
+}
+```
+
+- Follow the instructions in [Package](#packaging-and-installing-chaincode) and [Install](#installing-the-external-chaincode) steps for each organization. Remember that the chaincode server's address for the second organization is `asset-transfer-basic.org2.example.com:9999`.
+
+- Copy the appropriate `CHAINCODE_ID` to both [chaincode1.env](./chaincode1.env) and [chaincode2.env](./chaincode2.env) files. Bring up the chaincode containers using the docker-compose command below
+
+```
+docker-compose up -f docker-compose-chaincode.yaml up --build -d
+```
+
+- Follow the instructions in [Finish Deployment](#finish-deploying-the-asset-transfer-basic-external-chaincode-) for each organization seperately.