mirror of
https://github.com/hyperledger/fabric-samples.git
synced 2026-06-17 15:35:09 +00:00
652f0744cd
Currently client authentication is not enabled on any peers and orderer in the fabric-ca sample. This change set will enable client authentication on all the peers and orderer. Change-Id: If3c6a5dc6d1dc3a38096608617971945bde359c0 Signed-off-by: Anil Ambati <aambati@us.ibm.com>
41 lines
1.4 KiB
Bash
Executable file
41 lines
1.4 KiB
Bash
Executable file
#!/bin/bash
|
|
#
|
|
# Copyright IBM Corp. All Rights Reserved.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
set -e
|
|
|
|
source $(dirname "$0")/env.sh
|
|
|
|
awaitSetup
|
|
|
|
# Although a peer may use the same TLS key and certificate file for both inbound and outbound TLS,
|
|
# we generate a different key and certificate for inbound and outbound TLS simply to show that it is permissible
|
|
|
|
# Generate server TLS cert and key pair for the peer
|
|
fabric-ca-client enroll -d --enrollment.profile tls -u $ENROLLMENT_URL -M /tmp/tls --csr.hosts $PEER_HOST
|
|
|
|
# Copy the TLS key and cert to the appropriate place
|
|
TLSDIR=$PEER_HOME/tls
|
|
mkdir -p $TLSDIR
|
|
cp /tmp/tls/signcerts/* $CORE_PEER_TLS_CERT_FILE
|
|
cp /tmp/tls/keystore/* $CORE_PEER_TLS_KEY_FILE
|
|
rm -rf /tmp/tls
|
|
|
|
# Generate client TLS cert and key pair for the peer
|
|
genClientTLSCert $PEER_NAME $CORE_PEER_TLS_CLIENTCERT_FILE $CORE_PEER_TLS_CLIENTKEY_FILE
|
|
|
|
# Generate client TLS cert and key pair for the peer CLI
|
|
genClientTLSCert $PEER_NAME /$DATA/tls/$PEER_NAME-cli-client.crt /$DATA/tls/$PEER_NAME-cli-client.key
|
|
|
|
# Enroll the peer to get an enrollment certificate and set up the core's local MSP directory
|
|
fabric-ca-client enroll -d -u $ENROLLMENT_URL -M $CORE_PEER_MSPCONFIGPATH
|
|
finishMSPSetup $CORE_PEER_MSPCONFIGPATH
|
|
copyAdminCert $CORE_PEER_MSPCONFIGPATH
|
|
|
|
# Start the peer
|
|
log "Starting peer '$CORE_PEER_ID' with MSP at '$CORE_PEER_MSPCONFIGPATH'"
|
|
env | grep CORE
|
|
peer node start
|