# 璇佷功绠$悊
## 绠€浠�
ChainMaker鍖哄潡閾剧綉缁滀腑浣跨敤鐨勮瘉涔︾被鍨嬫湁涓夊ぇ绫� `CA璇佷功` `鑺傜偣璇佷功` `鐢ㄦ埛璇佷功`銆�<br>
`CA璇佷功`: 鍙互鏄牴CA璇佷功銆佷腑闂碈A璇佷功銆佽嚜绛綜A璇佷功锛屽叾浣欎袱绫昏瘉涔﹂兘鏄娇鐢╜CA璇佷功`绛惧悕鐢熸垚銆�<br>
`鑺傜偣璇佷功`: 缁嗗垎涓哄叡璇嗚妭鐐广€佸悓姝ヨ妭鐐广€佽交鑺傜偣浣跨敤鐨勮瘉涔︺€傚悓姝ヨ妭鐐瑰拰杞昏妭鐐硅瘉涔︾被鍨嬬浉鍚屻€�<br>
`鐢ㄦ埛璇佷功`: 缁嗗垎涓虹鐞嗗憳鐢ㄦ埛璇佷功銆佹櫘閫氱敤鎴疯瘉涔︺€傚垎鍒搴旂鐞嗗憳鏉冮檺鍜屾櫘閫氱敤鎴锋潈闄愩€�<br>
涓嬮潰璇︾粏浠嬬粛ChainMaker缃戠粶涓悇绫昏瘉涔︺€�
## 璇佷功
- [CA璇佷功](#rootCert)
- [鑺傜偣璇佷功绫籡(#nodeCert)
- [鐢ㄦ埛璇佷功绫籡(#userCert)
<span id="rootCert"></span>
### CA璇佷功
涓€鑸瘡涓粍缁囦竴涓猔CA璇佷功`銆�<br>
`CA璇佷功`鍙€氳繃 [chainmaker-cryptogen](../instructions/璇佷功鐢熸垚宸ュ叿.md) 鎴栬€呰嚜寤虹殑 [CA璇佷功鏈嶅姟](./CA璇佷功鏈嶅姟.md) 鐢熸垚锛屼篃鍙€氳繃鍚戣瘉涔﹂鍙戞満鏋勭敵璇疯幏寰椼€�<br>
鏈粍缁囩殑鎵€鏈塦鑺傜偣璇佷功`浠ュ強`鐢ㄦ埛璇佷功`閮芥槸鐢辨`CA璇佷功`绛惧彂鐢熸垚銆�<br>
<span id="nodeCert"></span>
### 鑺傜偣璇佷功绫�
姣忎釜缁勭粐鑷冲皯鏈変竴涓叡璇嗚妭鐐癸紝涔熷彲浠ラ儴缃插涓€�<br>
姣忎釜缁勭粐鍙互鏈夎嫢骞插悓姝ュ拰杞昏妭鐐癸紝涔熷彲浠ヤ笉閮ㄧ讲銆�<br>
涓嶇浠€涔堢被鍨嬬殑鑺傜偣锛屾瘡涓妭鐐归兘浼氭湁涓€涓猔鑺傜偣TLS璇佷功`鍜屼竴涓猔鑺傜偣SIGN璇佷功`锛屽叾璇佷功瀛楁璇﹁[鑺傜偣璇佷功銆佺敤鎴疯瘉涔﹀瓧娈礭(#certFields)<br><br>
- 鍏辫瘑鑺傜偣
- 鑺傜偣TLS璇佷功
鐢ㄤ簬璺熷鎴风寤虹珛tls閾炬帴锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=consensus // 鍏辫瘑鑺傜偣璇佷功蹇呴』涓篶onsensus
CN=consensus1.wx-org1.chainmaker.org
sans=localhost // 鐢ㄤ簬tls鐨勮瘉涔ans瀛楁蹇呭~
```
- 鑺傜偣SIGN璇佷功
鐢ㄤ簬绛惧悕楠岀绛夌瓑锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=consensus // 鍏辫瘑鑺傜偣璇佷功蹇呴』涓篶onsensus
CN=consensus1.wx-org1.chainmaker.org
```
- 鍚屾鑺傜偣銆佽交鑺傜偣
鍚屾鑺傜偣涓庤交鑺傜偣鐨勮瘉涔﹁鏍煎畬鍏ㄤ竴鑷达紝浠ヤ笅绀轰緥閮戒簰鐩搁€傜敤锛屼笉鍐嶉噸澶嶄妇渚嬨€�
- 鑺傜偣TLS璇佷功
鐢ㄤ簬璺熷鎴风寤虹珛tls閾炬帴锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=common // 鍚屾鑺傜偣/杞昏妭鐐硅瘉涔﹀繀椤讳负common
CN=consensus1.wx-org1.chainmaker.org
sans=localhost // 鐢ㄤ簬tls鐨勮瘉涔ans瀛楁蹇呭~
```
- 鑺傜偣SIGN璇佷功
鐢ㄤ簬绛惧悕楠岀绛夌瓑锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=common // 鍚屾鑺傜偣/杞昏妭鐐硅瘉涔﹀繀椤讳负common
CN=consensus1.wx-org1.chainmaker.org
```
<span id="userCert"></span>
### 鐢ㄦ埛璇佷功绫�
鐢ㄦ埛璇佷功绫诲垎涓篳admin璇佷功绫籤鍒嗛厤缁欑鐞嗗憳鐢ㄦ埛浣跨敤鍜宍client璇佷功绫籤鍒嗛厤缁欐櫘閫氱敤鎴蜂娇鐢ㄣ€�<br>
姣忎釜缁勭粐鑷冲皯鏈変竴涓鐞嗗憳鐢ㄦ埛鍜岃嫢骞蹭釜鏅€氱敤鎴�<br>
涓嶇浠€涔堢被鍨嬬殑鐢ㄦ埛锛屾瘡涓敤鎴烽兘浼氭湁涓€涓猔鐢ㄦ埛TLS璇佷功`鍜屼竴涓猔鐢ㄦ埛SIGN璇佷功`锛屽叾璇佷功瀛楁璇﹁[鑺傜偣璇佷功銆佺敤鎴疯瘉涔﹀瓧娈礭(#certFields)<br><br>
- admin璇佷功绫�
- 鐢ㄦ埛TLS璇佷功
鐢ㄤ簬璺熻妭鐐瑰缓绔媡ls閾炬帴锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=admin // 绠$悊鍛樼敤鎴峰繀椤讳负admin
CN=admin1.wx-org1.chainmaker.org
```
- 鐢ㄦ埛SIGN璇佷功
鐢ㄤ簬绛惧悕楠岀绛夌瓑锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=admin // 绠$悊鍛樼敤鎴峰繀椤讳负admin
CN=admin1.wx-org1.chainmaker.org
```
- client璇佷功绫�
- 鐢ㄦ埛TLS璇佷功
鐢ㄤ簬璺熻妭鐐瑰缓绔媡ls閾炬帴锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=client // 鏅€氱敤鎴峰繀椤讳负client
CN=client1.wx-org1.chainmaker.org
```
- 鐢ㄦ埛SIGN璇佷功
鐢ㄤ簬绛惧悕楠岀绛夌瓑锛屼娇鐢╜CA璇佷功`绛惧彂鑾峰緱锛岃瘉涔﹀瓧娈典俊鎭涓嬬ず渚嬶細<br>
```shell
O=wx-org1.chainmaker.org
OU=client // 鏅€氱敤鎴峰繀椤讳负client
CN=client1.wx-org1.chainmaker.org
```
## 閾句笂鍙樻洿
### 缁勭粐CA璇佷功绫�
- [浣跨敤cmc鏂板缁勭粐CA璇佷功](../dev/鍛戒护琛屽伐鍏�.html#chainConfig.addOrgRootCA)
- [浣跨敤cmc鍒犻櫎缁勭粐CA璇佷功](../dev/鍛戒护琛屽伐鍏�.html#chainConfig.delOrgRootCA)
- [浣跨敤cmc鏇存柊缁勭粐CA璇佷功](../dev/鍛戒护琛屽伐鍏�.html#chainConfig.updateOrgRootCA)
## 闄勫綍
<span id="certFields"></span>
### 鑺傜偣璇佷功銆佺敤鎴疯瘉涔﹀瓧娈�
鑺傜偣璇佷功鍜岀敤鎴疯瘉涔﹀瓧娈甸€氱敤
| 瀛楁 | 鍚箟 | 瑙勮寖 |
| :----: | :----: | :----: |
| C | country 鍥藉 | 濡傦細CN |
| L | locality 浣嶇疆(鍩庡競) | 濡傦細Guangzhou |
| ST | state 鐪佷唤(宸�) | 濡傦細Guangdong |
| O | organization 缁勭粐 | 瀵瑰簲chainmaker鐨勭粍缁嘔D锛坥rgId锛夊锛歸x-org1.chainmaker.org |
| OU | organizationalUnit 缁勭粐鍗曚綅 | 瀵瑰簲chainmaker閲岀殑鐢ㄦ埛瑙掕壊锛歝onsensus/common/admin/client |
| CN | commonName 甯哥敤鍚� | chainmaker閲岄€氬父浠ョ敤鎴稩D+缁勭粐ID褰㈠紡锛屽锛歝a.wx-testorg.chainmaker.org銆乤dmin1.wx-org1.chainmaker.org銆乧onsensus1.wx-org1.chainmaker.org銆乧lient1.wx-org1.chainmaker.org |
| expireYear | 璇佷功鏈夋晥鏈� | 浠ュ勾涓哄崟浣� 濡傦細2 |
| sans | 鑺傜偣璇佷功鐨勫湴鍧€淇℃伅 | 鍙负鑺傜偣鍦板潃IP锛屼篃鍙互鏄妭鐐瑰煙鍚� 濡傦細consensus1.wx-org1.chainmaker.org |
<br><br>