Re: How to add an intermediate CA with Fabric CA and docker #fabric-ca #docker


Kavin Arumugam
 

Hi Famar,

If you are exploring for the first time, I would suggest you to go with Fabric CA Binaries based Deployment by referring to the following link.
If you are comfortable with the above ones, then go ahead for docker based Deployment.

Thanks & Regards
Kavin Arumugam

On Tue, Mar 1, 2022 at 4:07 PM famar <fabrizio.marangio@...> wrote:
Hello everyone, I'm trying to implement a test fabric network by setting 1 TLS-CA, 1 ROOT-CA, 1 ORG, 1 Orderer and 1 Intermediate CA.
I'm having some trouble implementing intermediate CA with docker.
Questa è la sezione del file docker-compose.yaml relativa all'intermediate CA:
 
  ica-org0:
    container_name: ica-org0
    image: hyperledger/fabric-ca:latest
    command: sh -c 'fabric-ca-server start -d -b icaadmin:icaadminpw --port 7054'
    environment:
        - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_CSR_CN=rca-org2
        - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_CSR_CN=
        - FABRIC_CA_SERVER_CSR_CA_PATHLENGTH=0
        - FABRIC_CA_SERVER_INTERMEDIATE_PARENTSERVER_CANAME=rca-org0
        - FABRIC_CA_SERVER_INTERMEDIATE_PARENTSERVER_URL=https://rca-org0-admin:rca-org0-adminpw@0.0.0.0:7053
        - FABRIC_CA_SERVER_INTERMEDIATE_PARENTSERVER_INTERMEDIATE_ENROLLMENT_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_INTERMEDIATE_PARENTSERVER_INTERMEDIATE_ENROLLMENT_PROFILE=ca
        - FABRIC_CA_SERVER_INTERMEDIATE_TLS_CERTFILES=/tmp/hyperledger/ca-tls/ca/crypto/ca-cert.pem
        - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=127.0.0.1:9444
        - FABRIC_CA_SERVER_DEBUG=true
    volumes:
        - /tmp/hyperledger/ica-org0/ca:/tmp/hyperledger/fabric-ca
    networks:
        - fabric-ca
    ports:
        - 7054:7054

I am having trouble registering identities and moving through certificates. Would you know what steps to follow to enter an intermediate CA? Thank you

Join fabric@lists.hyperledger.org to automatically receive all group messages.