Fabric-CA Root server and Intermediate server

In reference to this article, HYPERLEDGER FABRIC CERTIFICATE AUTHORITY (CA), I am trying to understand the relationship between the Fabric-CA Root server and the Fabric-CA Intermediate server. Is it correct to say that, in the entire article, what has been discussed is how to set up an “Intermediate” server? If so, where is the Root server located? How does the Intermediate server discover / communicate with the Root server?

[Diagram from the article]

First and foremost, I would suggest you refer to the official Fabric documentation: http://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html#overview

Any changes and corrections would always be reflected in the official documentation.

The entire article explains how to set up a Hyperledger Fabric CA Server cluster. (Ref: Difference between Fabric CA server and CA Client) If you look at the diagram closely, you will be able to recognize that there is indeed a Root CA server. The root CA is kept aside for security reasons. In case the root CA server/Root of Trust is compromised, the entire network will be compromised. Protecting the root of trust is of utmost importance in PKI, and this is a standard practice when setting up a PKI (Public Key Infrastructure).

The role of one or more intermediate CA servers is to act as Certification Authorities that handle registration, issuance of E-Certs/T-Certs, renewal and revocation of certs on behalf of the root CA, having the same root of trust.

The diagram shows a cluster of Intermediate CA servers in a highly available configuration using HA-Proxy coupled with a relational database (you can again opt for using an HA cluster of your database) to store all the user information.

You can enroll an intermediate CA server just like you would for normal users (peer/app):

fabric-ca-server start -b admin:adminpw -u http://<enrollmentID>:<secret>@<parentserver>:<parentport>

For more reference, you can refer to: http://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html#enrolling-an-intermediate-ca
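The start command in the answer above puts the intermediate CA's enrollment secret in an `http://` parent URL, so the following added example (not part of the original answer or of the Fabric CA project) checks that URL before the server is started and masks the secret for logging. The function names, the `PARENT_TLS_CA` variable, the loopback-only rule for `http://` and the host names in the comments are assumptions of this example.

```shell
# Added example: pre-flight check for the parent URL given to `fabric-ca-server start -u`.
# On success prints the URL with the secret masked; otherwise returns non-zero with a reason.
check_parent_url() {
    url=$1
    case $url in
        http://*)  scheme=http ;;
        https://*) scheme=https ;;
        *) echo "unsupported scheme" >&2; return 1 ;;
    esac
    rest=${url#*://}; rest=${rest%%/*}          # strip scheme and any path
    case $rest in
        *@*) ;;
        *) echo "missing <enrollmentID>:<secret>@" >&2; return 2 ;;
    esac
    creds=${rest%@*}                            # text before the last '@'
    hostport=${rest##*@}                        # text after the last '@'
    case $creds in
        ?*:?*) ;;
        *) echo "missing enrollment ID or secret" >&2; return 2 ;;
    esac
    case $hostport in
        ?*:?*) ;;
        *) echo "missing parent host or port" >&2; return 3 ;;
    esac
    id=${creds%%:*}; host=${hostport%:*}; port=${hostport##*:}
    case $port in
        *[!0-9]*) echo "port is not numeric" >&2; return 3 ;;
    esac
    if [ "$scheme" = http ]; then               # policy of this example, not of Fabric CA
        case $host in
            localhost|127.0.0.1) ;;
            *) echo "http:// to a remote parent sends the secret in cleartext" >&2; return 4 ;;
        esac
    fi
    printf '%s://%s:****@%s:%s\n' "$scheme" "$id" "$host" "$port"
}

# Start the intermediate CA only when the parent URL passes the check.
# PARENT_TLS_CA (hypothetical variable): PEM file used to verify the parent's TLS certificate.
# Constructed sample call: start_intermediate 'https://ica1:s3cret@rootca.example.com:7054'
start_intermediate() {
    check_parent_url "$1" >/dev/null || return
    fabric-ca-server start -b admin:adminpw -u "$1" \
        ${PARENT_TLS_CA:+--intermediate.tls.certfiles "$PARENT_TLS_CA"}
}
```

The parent URL is still visible in the process arguments, so the masked form printed by `check_parent_url` is the one to write to logs.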
