This document describes how to get a certificate to enroll in the DLT network.
We use CFSSL components for the CA server and for certificate handling.
- Golang (v1.8+) installation
- openssl installation
- cfssl & cfssljson installation
Generate a private key and a CSR
$ openssl ecparam -name prime256v1 -out prime256v1.pem
$ openssl req -new -newkey ec:prime256v1.pem -nodes -keyout client-key.pem.pkcs8 -out client.csr
$ openssl ec -in client-key.pem.pkcs8 -out client-key.pem
Get a certificate from a CA Server
cfssl sign -remote "localhost:8888" -profile "client" client.csr | cfssljson -bare client -
The -remote option is needed to specify the CA endpoint URI.
The -bare option for cfssljson is needed to specify a prefix for the output key files.
You will get a certificate named client.pem from the CA, and are almost ready to execute your contracts.
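A post-issuance check for the procedure above, added here as an example and not part of the original document or of CFSSL: it confirms that the returned client.pem matches client-key.pem, carries a prime256v1 key and has not expired. The function names are hypothetical, and make_constructed_pair builds a throwaway self-signed pair (constructed data, standing in for the CA round trip) only so the checks can be tried without a CA.

```shell
# Added example: checks on the outputs of the steps above (client.pem, client-key.pem).

# 0 if the certificate's public key is the public half of the private key.
cert_matches_key() {   # usage: cert_matches_key <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate carries a key on prime256v1, the curve used for the CSR.
cert_is_p256() {       # usage: cert_is_p256 <cert.pem>
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'ASN1 OID: prime256v1'
}

# 0 if the certificate has not expired yet.
cert_is_current() {    # usage: cert_is_current <cert.pem>
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all three checks and prints one line per failure.
check_enrollment() {   # usage: check_enrollment <cert.pem> <key.pem>
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_is_p256 "$1"          || { echo "FAIL: $1 is not a prime256v1 certificate"; rc=1; }
    cert_is_current "$1"       || { echo "FAIL: $1 has expired"; rc=1; }
    return $rc
}

# Constructed stand-in for the CA round trip so the checks can be tried offline:
# a throwaway P-256 key and a self-signed certificate, written as <prefix>-key.pem
# and <prefix>.pem like the cfssljson output.
make_constructed_pair() {   # usage: make_constructed_pair <prefix>
    openssl ecparam -name prime256v1 -genkey -noout -out "$1-key.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1-key.pem" -subj "/CN=constructed-client" \
        -days 1 -out "$1.pem" 2>/dev/null
}
```

After enrolling, run `check_enrollment client.pem client-key.pem`; a non-zero exit status means the certificate should not be used with that key.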