How to set up a blockchain network using TLS in peers and orderers

Problem description

This page in hyperledger documentation shows which environment variable should be used to setup peers and orderers: https://hyperledger-fabric.readthedocs.io/en/release-1.3/enable_tls.html

In peers:

And in orderers:

The problem is, I don't know which certificate from the crypto material I should use in those env variables.

And I don't know which env variable should be used when, for example, creating the channel, a command that requires the following arguments for a TLS connection:

1) Which certificate from the generated crypto material should I use while starting the peer and orderer?

2) Which certificate should I pass as arguments in the peer channel create command?

Recommended answer

This is what I'm doing (and works for me):

Orderer:

        (....)
          - ORDERER_GENERAL_TLS_ENABLED=true
          - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
          - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
          - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric
        command: orderer
        volumes:
          - ./crypto-config/ordererOrganizations/org1.example.com/orderers/orderer.org1.example.com/tls/:/var/hyperledger/orderer/tls
        (....)

Peer:

        (....)
          - CORE_PEER_TLS_ENABLED=true
          - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
          - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
          - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
        command: peer node start
        volumes:
          - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        (....)

CLI:

        (....)
          - CORE_PEER_TLS_ENABLED=true
          - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
          - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
          - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
        (....)

Channel create command:

peer channel create -o orderer.org1.example.com:7050 -c channelname --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/org1.example.com/orderers/orderer.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -f ./channel-artifacts/channelname.tx
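The files in each `tls/` directory and the `--cafile` argument have to agree: `server.key` must match `server.crt`, and `server.crt` must chain to the CA certificate the connecting side trusts, under the host name given to `-o`. The Go program below is an added example, not part of the original answer or of Fabric; it runs both checks on throwaway Ed25519 certificates constructed in memory, and `CheckTLSMaterial` and `issue` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckTLSMaterial checks that key matches cert and that cert chains to caPEM for host.
func CheckTLSMaterial(crtPEM, keyPEM, caPEM []byte, host string) error {
	pair, err := tls.X509KeyPair(crtPEM, keyPEM) // fails when server.key is not the key of server.crt
	if err != nil {
		return err
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed once by X509KeyPair
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(caPEM) // an unusable file leaves the pool empty, so Verify fails
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// issue builds a constructed demo certificate; parent == nil yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	kb, _ := x509.MarshalPKCS8PrivateKey(key)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kb})
}

func main() {
	ca, caKey, caPEM, _ := issue("tlsca.org1.example.com", nil, nil)
	_, _, otherCAPEM, _ := issue("ca.org1.example.com", nil, nil) // a CA that did not sign the server cert
	_, _, crt, key := issue("orderer.org1.example.com", ca, caKey)
	fmt.Println("issuing TLS CA as root:", CheckTLSMaterial(crt, key, caPEM, "orderer.org1.example.com"))
	fmt.Println("different CA as root:  ", CheckTLSMaterial(crt, key, otherCAPEM, "orderer.org1.example.com"))
}
```

To run the same checks on real material, read the PEM files with `os.ReadFile` and pass their contents to `CheckTLSMaterial`.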

08-24 12:40