Introduction

Hyperledger Fabric is a permissioned blockchain, thus, each network participant must have a digital identity (certificate) to convience other participants that it has rights to perform actions in the network or even be part of the network and Fabric CA [1] is used to manage these identities.

Think of a border control. To cross the border, you need to provide your passport. Where do you get that from? Yes, from the government! In our case, the government is Fabric CA [1] and the passport is the certificate.

Fabric CA [1] offers functionalities like registering/renewing/deleting identities, issuing crypto materials for the registered identity, revoking identities, generating CRLs (Certificate Revocation List) [2] and more.

There are 3 types of identities, peer, client, orderer and admin. Each of these identities has its own role in the network. Let’s go through them:

Peer:

A peer identity is used by peer nodes that form consensus in the network. Peers are also responsible for storing the blockchain history (ledger).

Client:

A client identity is used by external applications that are willing to be integrated to the network.

Orderer:

An order identity is used by orderer nodes that ensure transaction ordering and transaction broadcasting.

Admin:

An admin identity used by organization admins that perform administrative tasks in the network, such as adding peers/orderers to a channel, updating network configuration (configtx.yaml [3]), managing chaincodes etc.

[1] (1,2,3)

CA stands for Certificate Authority.

[2]

CRL is a registry that stores list of revoked certificates to prevent eliminated-identity interaction with the network.

[3]

configtx.yaml is the configuratin file of the network. It describes all the participating peer and orderer organizations along with their rights in the network.