Re: Revoke User certificate


Nye Liu <nye@...>
 

You have to update each applicable channel configuration with the new CRLs. The peer/orderer MSP would then be checked to make sure the entity making the channel configuration update has permission to do so (depending on whether the update is to an orderer system channel or an application channel). This is my understanding but I could be very wrong.


On Tue, Dec 31, 2019, 9:02 AM Hojjat Jashnniloofar <h.niloofar@...> wrote:
Hello,
We are a team that has worked on a KYC solution on Hyperledger Fabric for the last 2 years. We register each user, enroll a certificate for each user and install key pairs on users' mobiles. In case of loss or theft, we want to revoke the user's certificate and re-enroll them. We found SDK functions for revoke and reenroll, but we want to ban old certificates from accessing the chaincode methods. We can generate a CA CRL, but we don't know where we must place these CRLs or how to make peers check certificate status before submitting or evaluating a transaction.

We place this CRL (generated by the CA) on the peer in this path:
/etc/hyperledger/msp/peer/crls
but the user can still submit transactions with the revoked certificate.

Can anyone help us in this case?

Best Regards
Hojjat Jashnniloofar
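
Added example, not part of either message: the JSON edit at the centre of the channel configuration update mentioned in the reply, applied to a config that has already been decoded with configtxlator. The function name is hypothetical, and the organization name Org1MSP, the trimmed sample config and the placeholder CRL body are constructed.

```python
import base64
import copy
import json

PEM_BEGIN = "-----BEGIN X509 CRL-----"
PEM_END = "-----END X509 CRL-----"


def add_crl_to_channel_config(config, org, crl_pem, group="Application"):
    """Return a copy of a configtxlator-decoded channel config in which the
    MSP of `org` lists `crl_pem` in its revocation_list."""
    pem = crl_pem.strip()
    if not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END)):
        raise ValueError("expected a PEM-encoded X.509 CRL")
    updated = copy.deepcopy(config)  # original stays intact for compute_update
    try:
        org_group = updated["channel_group"]["groups"][group]["groups"][org]
        msp = org_group["values"]["MSP"]["value"]["config"]
    except KeyError as missing:
        raise KeyError(f"no MSP for {group}/{org} in this config") from missing
    # revocation_list is a repeated bytes field: in the JSON form each entry
    # is the PEM CRL, base64-encoded. The key may be missing or null if empty.
    encoded = base64.b64encode((pem + "\n").encode()).decode()
    crls = list(msp.get("revocation_list") or [])
    if encoded not in crls:  # idempotent: re-running adds nothing
        crls.append(encoded)
    msp["revocation_list"] = crls
    return updated


# Constructed sample input: a trimmed config for a hypothetical Org1MSP and a
# placeholder CRL body (not a real CRL).
SAMPLE_CONFIG = {"channel_group": {"groups": {"Application": {"groups": {
    "Org1MSP": {"values": {"MSP": {"value": {"config": {
        "name": "Org1MSP", "revocation_list": []}}}}}}}}}}
SAMPLE_CRL = PEM_BEGIN + "\nQ09OU1RSVUNURUQ=\n" + PEM_END + "\n"

if __name__ == "__main__":
    result = add_crl_to_channel_config(SAMPLE_CONFIG, "Org1MSP", SAMPLE_CRL)
    print(json.dumps(result, indent=2))
```

The returned config is the "modified" side of the update: it goes back through configtxlator (proto_encode, compute_update) and is submitted with `peer channel update`, signed by identities that satisfy the channel's modification policy. The same edit is repeated for each channel the organization belongs to.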
