I have deployed a CA and generated identities. I would like to be able to get information about identities that are registered with the CA. Specifically, given a certificate, I would like to verify that it is valid.
I've tried to get general identity information using fabric-ca-client with the following commands:
$ fabric-ca-client --caname caname identity list
Error: Failed to get client TLS config: No trusted root certificates for TLS were provided
$ fabric-ca-client --caname caname --tls.certfiles ./artifacts/crypto/org/ca/caname-cert.pem identity list
Error: Failed to get client TLS config: Failed to read 'C:\Users\user\artifacts\artifacts/crypto/org/ca/caname-cert.pem': open C:\Users\user\artifacts/crypto/org/ca/caname-cert.pem: The system cannot find the path specified.
$ fabric-ca-client --caname caname --tls.certfiles /etc/hyperledger/fabric-ca-server/ca/caname-cert.pem identity list
Error: Failed to get client TLS config: Failed to read 'C:/Users/user/AppData/Local/Programs/Git/etc/hyperledger/fabric-ca-server/ca/caname-cert.pem': open C:/Users/user/AppData/Local/Programs/Git/etc/hyperledger/fabric-ca-server/ca/caname-cert.pem: The system cannot find the path specified.
$ winpty docker exec -ti 6e2d0d75cc38 fabric-ca-client --caname caname --tls.certfiles /etc/hyperledger/fabric-ca-server/ca/caname-cert.pem identity list
2023/09/13 23:13:29 [ERROR] Enrollment check failed: Idemix enrollment information does not exist
Error: Enrollment information does not exist. Please execute enroll command first. Example: fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort
My CA enrollment commands:
fabric-ca-client enroll \
  -u https://${ADMIN_NAME}:${ADMIN_PWD}@${CA_ADDRESS} \
  --caname caname \
  --tls.certfiles ./tlsca/tls-cert.pem

fabric-ca-client enroll \
  -u https://${ADMIN_NAME}:${ADMIN_PWD}@${CA_ADDRESS} \
  --caname caname \
  -M ./users/${ADMIN_NAME}@${ORG_NAME_FULL}/msp \
  --tls.certfiles ./tlsca/tls-cert.pem

fabric-ca-client enroll \
  -u https://${ADMIN_NAME}:${ADMIN_PWD}@${CA_ADDRESS} \
  --caname caname \
  -M ./users/${ADMIN_NAME}@${ORG_NAME_FULL}/tls \
  --enrollment.profile tls \
  --csr.hosts ${ADMIN_NAME}@${ORG_NAME_FULL} \
  --csr.hosts localhost \
  --tls.certfiles ./tlsca/tls-cert.pem
I am using docker to run the CA and am binding artifacts/crypto/fabric-ca/org to /etc/hyperledger/fabric-ca-server in the container. I lack experience doing anything meaningful with fabric-ca, so would appreciate any help.
Update:
I got the fabric-ca-client identity list command to work, and it lists out all identities registered with the CA. Now I want to either get their certs, or, given a cert, validate it is from that CA.
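
One way to do the check the update asks for (given a certificate, confirm it was issued by this CA), as an added example that is not part of the original post or of fabric-ca. `IssuedBy` and `newCert` are hypothetical names, and the certificates are constructed in memory; in real use `caPEM` would be the CA certificate file and `certPEM` the certificate under test. It checks the signature chain and validity window only, not revocation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// IssuedBy returns nil only if certPEM chains to a CA certificate in caPEM
// and is inside its validity window. Revocation (CRL) is not checked here.
func IssuedBy(caPEM, certPEM []byte) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("no CA certificate found in caPEM")
	}
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("certPEM does not contain PEM data")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil { // ExtKeyUsageAny: identity certs are not TLS server certs
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	return err
}

// newCert builds a constructed sample certificate; parent == nil self-signs a CA.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert, key
}

func main() {
	caPEM, ca, caKey := newCert("constructed-ca", nil, nil)
	userPEM, _, _ := newCert("constructed-user", ca, caKey)
	fmt.Println("chain check error:", IssuedBy(caPEM, userPEM))
}
```

A certificate signed by any other CA, including one with the same subject name, makes `IssuedBy` return an unknown-authority error.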