Create member identities

One additional step is to create certificates for each member's staff. Each certificate carries a custom attribute (permissions) listing the chaincode operations that staff member is allowed to perform; because the attribute is embedded in the enrollment certificate itself, chaincode can read it directly from the identity that signed a transaction. In this section, each member creates the certificates used to verify the identities of its personnel and to attribute the operations they perform.

Each member's staff performs different duties and has different chaincode permissions

All members should run the following commands from the Cloud9 terminal. Note that the enrollment secrets used in this module are identical (Password123) for ease of training; in a production environment you would use unique, randomly generated secrets, and keep them out of the command line and shell history, since the enroll command below passes the secret in the URL.

This registers and enrolls an identity for each worker, leaving the enrollment certificate and private key in a per-worker MSP directory, and then uploads the member's CA certificate and admin certificate to an S3 bucket where the other members can download them. The worker certificates themselves stay local; only the CA and admin certificates are shared.

# create worker 1 cert
# register the identity with the member's CA, signing as the admin (-M admin-msp is the
# admin's MSP, relative to -H $HOME); the ":ecert" suffix embeds the permissions
# attribute in the enrollment certificate so chaincode can read it from the signer
cd
fabric-ca-client register --id.name $WORKER1_NAME --id.affiliation $MEMBER_NAME --tls.certfiles $HOME/managedblockchain-tls-chain.pem --id.type user --id.secret Password123 --id.attrs "permissions=$WORKER1_PERMISSIONS:ecert" -M admin-msp -H $HOME
# enroll as the worker to obtain its signed certificate and private key in its own MSP
fabric-ca-client enroll -u https://$WORKER1_NAME:Password123@$CASERVICEENDPOINT --tls.certfiles $HOME/managedblockchain-tls-chain.pem -M $HOME/$WORKER1_NAME-msp -H $HOME
# copy the member admin cert into the worker MSP so the directory is a complete MSP layout
cp -r admin-msp/admincerts/ $WORKER1_NAME-msp

# create worker 2 cert (same register / enroll / copy steps)
fabric-ca-client register --id.name $WORKER2_NAME --id.affiliation $MEMBER_NAME --tls.certfiles $HOME/managedblockchain-tls-chain.pem --id.type user --id.secret Password123 --id.attrs "permissions=$WORKER2_PERMISSIONS:ecert" -M admin-msp -H $HOME
fabric-ca-client enroll -u https://$WORKER2_NAME:Password123@$CASERVICEENDPOINT --tls.certfiles $HOME/managedblockchain-tls-chain.pem -M $HOME/$WORKER2_NAME-msp -H $HOME
cp -r admin-msp/admincerts/ $WORKER2_NAME-msp

# upload the member's CA cert and admin cert to the shared S3 bucket
# (the worker certs stay local; this expects exactly one ca-*.pem in cacerts)
export cacert=$(ls $HOME/admin-msp/cacerts/ca-*.pem)
aws s3api put-object --bucket $BUCKET_NAME --key ${MEMBER_ABBREVIATION}cacert.pem --body $cacert --acl bucket-owner-full-control
aws s3api put-object --bucket $BUCKET_NAME --key ${MEMBER_ABBREVIATION}admincert.pem --body $HOME/admin-msp/admincerts/cert.pem --acl bucket-owner-full-control
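To see what the ":ecert" suffix actually did to the worker certificate, it helps to look inside one. The following Go program is an added example written for this page, not code from the workshop or from Fabric: it shows how Fabric CA stores ":ecert" attributes, as a JSON document {"attrs":{...}} in an X.509 extension with OID 1.2.3.4.5.6.7.8.1 (the OID Fabric's cid library reads), and how to pull the permissions attribute back out and check an operation against it. Because it has to run offline, it constructs a self-signed certificate carrying that extension instead of reading a real $WORKER1_NAME-msp/signcerts file; the assumed format of WORKER1_PERMISSIONS is a comma-separated list of operation names, which the page does not define.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// fabricAttrOID is the X.509 extension OID under which Fabric CA stores identity
// attributes registered with the ":ecert" suffix (the same OID Fabric's cid library reads).
var fabricAttrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1}

// attrPayload mirrors the JSON Fabric CA places in that extension: {"attrs":{"name":"value"}}.
type attrPayload struct {
	Attrs map[string]string `json:"attrs"`
}

// certAttributes parses a PEM enrollment certificate and returns the attribute map
// embedded in it, or an error if the PEM, the certificate, or the extension is missing.
func certAttributes(certPEM []byte) (map[string]string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("input is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(fabricAttrOID) {
			var p attrPayload
			if err := json.Unmarshal(ext.Value, &p); err != nil {
				return nil, fmt.Errorf("attribute extension is not JSON: %w", err)
			}
			return p.Attrs, nil
		}
	}
	return nil, errors.New("certificate carries no Fabric attribute extension")
}

// allowed reports whether the certificate's "permissions" attribute contains op.
// Assumption (not stated on the page): the attribute is a comma-separated list of operations.
func allowed(certPEM []byte, op string) (bool, error) {
	attrs, err := certAttributes(certPEM)
	if err != nil {
		return false, err
	}
	perms, ok := attrs["permissions"]
	if !ok {
		return false, errors.New("permissions attribute missing from certificate")
	}
	for _, p := range strings.Split(perms, ",") {
		if strings.TrimSpace(p) == op {
			return true, nil
		}
	}
	return false, nil
}

// makeTestCert builds a self-signed certificate carrying the extension Fabric CA would add
// for --id.attrs "permissions=<permissions>:ecert". It is constructed test data standing in
// for the ecert that fabric-ca-client enroll writes to $WORKER1_NAME-msp/signcerts.
func makeTestCert(name, permissions string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	val, err := json.Marshal(attrPayload{Attrs: map[string]string{"permissions": permissions}})
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: name},
		NotBefore:       time.Now(),
		NotAfter:        time.Now().Add(24 * time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: fabricAttrOID, Value: val}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	certPEM, err := makeTestCert("worker1", "create_order,ship_order")
	if err != nil {
		panic(err)
	}
	for _, op := range []string{"ship_order", "approve_invoice"} {
		ok, err := allowed(certPEM, op)
		fmt.Printf("%-16s allowed=%v err=%v\n", op, ok, err)
	}
}
```

To run the same check against a real worker certificate, replace makeTestCert with os.ReadFile on $HOME/$WORKER1_NAME-msp/signcerts/cert.pem; the extension lookup and JSON shape are unchanged. The same attribute is what chaincode will see when it inspects the submitter's identity, so a value you cannot find here will not be visible on-chain either.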