Search code examples
node.jshyperledger-fabrichyperledger-fabric-caconvector

Can I deploy a rest api to Hyperledger Fabric without ca-server?

I have successfully follow the instructions of this repository fabric-network-on-swarm and created a swarm network and successfully install and instantiate my own chaincode that I had already created with convector.

I have also created a convector-rest-api based on this repository.

In my setup I have created the certs with cryptogen and I can't find the way to inject the rest api to my containers without using a fabric-ca-server & fabric-ca-client

-- Edited --

(1) Can I create my own network-profile.yaml like this?:

name: "Network"
version: "1.0"

channels:
  mychannel:
    orderers:
      - orderer.example.com
    peers:
      peer0.org1.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true

organizations:
  Org1:
    mspid: Org1MSP
    peers:
      - peer0.org1.example.com
    adminPrivateKey:
      path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/keystore/9022d671ceedbb24af3ea69b5a8136cc64203df6b9920e26f48123fcfcb1d2e9_sk
    signedCert:
      path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/signcerts/Admin@org1.example.com-cert.pem


orderers:
  orderer.example.com:
    url: grpcs://localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.example.com
      grpc-max-send-message-length: 4194304
    tlsCACerts:
      path: test/fixtures/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tlscacerts/example.com-cert.pem

peers:
  peer0.org1.example.com:
    url: grpcs://localhost:7051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      grpc.keepalive_time_ms: 600000
    tlsCACerts:
      path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tlscacerts/org1.example.com-cert.pem

Without adding information about my certificateAuthorities?

(2) With crytogen I generate crypto materials for orderer and my peer. Which certificate should I use as my keyStore to connect my api?

Solution

  • The fabric-ca is required when you want also to registry identities and issue certificates. However, if you use your own CA as cryptogen, it is not required the use of fabric-ca at the API. Instead of it, you should define the certificates that you will use for the connection, as well as the url of the Blockchain network. You have an example at the following link.

    --- Edited ---

    The following answers have been added to response to the two new questions asked by @StPaulis.

    1. Yes, you can create your own network-profile.yaml. It's more, you must do it.
    2. The credentials that you should use are those related to one of the users that you generate for the organization that own peers, for example, the admin keystore and signcert.