This material will instruct you on how to connect your peer to the IBM Blockchain Platform within IBM Cloud Private.

Learning objectives

In this tutorial, you’ll learn how to deploy your peer within IBM Cloud Private on the IBM Blockchain Platform.

Prerequisites

Before you begin this tutorial, you’ll need the following:

  • An IBM Cloud account.
  • An IBM Cloud Private Cluster v3.1.:
  • An IBM Blockchain Helm Chart.
  • Fabric CA Client v1.2.1:

    Install by using the following code:

    curl -sSL http://bit.ly/2ysbOFE | bash -s 1.2.1 1.2.1 -d -s
    export PATH=$PATH:<path to /fabric-client/bin>
    export FABRIC_CFG_PATH=<path to /config of fabric-client>
    
  • Go (at least version 1.10.x or higher, but not 1.12.x).

Estimated time

Completing this tutorial should take approximately 60 to 90 minutes.

Steps

  1. Deploy your CA
  2. Operate your CA
  3. Deploy your peer
  4. Operate your peer

Deploy your CA

This is the document that I’m following: https://ibm.co/2PevrUP
I am here: https://ibm.co/2Q4CsNk

Note: Austins-MacBook-Pro: is my prompt. Your prompt will look different, depending on the system you’re using. Additionaly, $HOME path could be different from mine. You could use the tilde (~) as an alternative to $HOME. Just be careful as to where you are making directories in the following commands.

  1. Encode a username and password into base64 format for your CA Kubernetes Secret:

    Austins-MacBook-Pro:~ Austin$ mkdir fabric-ca-client
    Austins-MacBook-Pro:~ Austin$ cd fabric-ca-client
    Austins-MacBook-Pro:fabric-ca-client Austin$ export FLAG=$(if [ "$(uname -s)" == "Linux" ]; then echo "-w 0"; else echo "-b 0"; fi)
    Austins-MacBook-Pro:fabric-ca-client Austin$ echo -n 'admin' | base64 $FLAG
    Austins-MacBook-Pro:fabric-ca-client Austin$ echo -n 'adminpw' | base64 $FLAG
    
  2. Create your Kubernetes Secret for your CA.
    Deploying your CA

  3. Now deploy your CA.
    Deploying your CA

Operate your CA

This is the document that I’m following: https://ibm.co/2RsjKvT
I am here: https://ibm.co/2reNvEO.

The URL of your CA is the Proxy Node of your IBM Cloud Private (ICP) cluster. The next command will grab your port.

  1. Grab the port of your CA:

    Austins-MacBook-Pro:fabric-ca-client Austin$ kubectl get service your-ca-ca
    

    Operating your CA

    Note: I am here.

  2. Make a couple of directories and make an export:

    Austins-MacBook-Pro:fabric-ca-client Austin$ mkdir ca-admin/
    Austins-MacBook-Pro:fabric-ca-client Austin$ mkdir catls/
    Austins-MacBook-Pro:fabric-ca-client Austin$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca-client/ca-admin
    
  3. Now execute step 3 of your Helm Release:

    Austins-MacBook-Pro:fabric-ca-client Austin$ cd catls/
    Austins-MacBook-Pro:catls Austin$ export POD_NAME=$(kubectl get pods --namespace bcaas-usa -l "app=ibm-ibp, release=your-ca" -o jsonpath="{.items[0].metadata.name}")
    Austins-MacBook-Pro:catls Austin$ kubectl exec $POD_NAME -- cat /etc/hyperledger/fabric-ca-server/ca-cert.pem > tls.pem && cat tls.pem | base64 $FLAG
    
    Austins-MacBook-Pro:catls Austin$ cd ..
    Austins-MacBook-Pro:fabric-ca-client Austin$ tree
    .
    ├── ca-admin
    └── catls
       └── tls.pem
    

    Operating your CA - Helm Release

    Note: I am here.

    We are going to generate the certificates for our CA Admin. You’ll notice a .yaml folder and msp directory after this command:

    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://<username for CA secret>:<password for CA secret@<CA URL w/ port> --caname <CA name you deployed for your CA> --tls.certfiles <path to catls/tls.pem file>
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://admin:adminpw@9.12.19.115:31216 --caname SampleOrgCA --tls.certfiles $HOME/fabric-ca-client/catls/tls.pem
    2018/12/03 21:10:24 [INFO] Created a default configuration file at /Users/Austin/fabric-ca-client/ca-admin/fabric-ca-client-config.yaml
    2018/12/03 21:10:24 [INFO] TLS Enabled
    2018/12/03 21:10:24 [INFO] generating key: &{A:ecdsa S:256}
    2018/12/03 21:10:24 [INFO] encoded CSR
    2018/12/03 21:10:25 [INFO] Stored client certificate at /Users/Austin/fabric-ca-client/ca-admin/msp/signcerts/cert.pem
    2018/12/03 21:10:25 [INFO] Stored root CA certificate at /Users/Austin/fabric-ca-client/ca-admin/msp/cacerts/9-12-19-115-31216-SampleOrgCA.pem
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ tree
    .
    ├── ca-admin
    │     ├── fabric-ca-client-config.yaml
    │     └── msp
    │         ├── cacerts
    │         │   └── 9-12-19-115-30969-SampleOrgCA.pem
    │        ├── keystore
    │         │   └── c89f8083a93fed8fb03687bbbccd76f069443faccba9d1a3656adbf6e944142c_sk
    │         ├── signcerts
    │         │   └── cert.pem
    │         └── user
    └── catls
       └── tls.pem
    

Deploy your Peer

This is the document that I’m following: https://ibm.co/2SpPTUD.
I am here: https://ibm.co/2SjcUZs.

Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://<username for CA secret>:<password for CA secret@<CA URL w/ port> --caname <CA name you deployed for your CA> --tls.certfiles <path to catls/tls.pem file>

Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://admin:adminpw@9.12.19.115:31216 --caname SampleOrgCA --tls.certfiles $HOME/fabric-ca-client/catls/tls.pem
2018/12/03 21:10:24 [INFO] Created a default configuration file at /Users/Austin/fabric-ca-client/ca-admin/fabric-ca-client-config.yaml
2018/12/03 21:10:24 [INFO] TLS Enabled
2018/12/03 21:10:24 [INFO] generating key: &{A:ecdsa S:256}
2018/12/03 21:10:24 [INFO] encoded CSR
2018/12/03 21:10:25 [INFO] Stored client certificate at /Users/Austin/fabric-ca-client/ca-admin/msp/signcerts/cert.pem
2018/12/03 21:10:25 [INFO] Stored root CA certificate at /Users/Austin/fabric-ca-client/ca-admin/msp/cacerts/9-12-19-115-31216-SampleOrgCA.pem

Austins-MacBook-Pro:fabric-ca-client Austin$ tree
.
├── ca-admin
│     ├── fabric-ca-client-config.yaml
│     └── msp
│         ├── cacerts
│         │   └── 9-12-19-115-30969-SampleOrgCA.pem
│        ├── keystore
│         │   └── c89f8083a93fed8fb03687bbbccd76f069443faccba9d1a3656adbf6e944142c_sk
│         ├── signcerts
│         │   └── cert.pem
│         └── user
└── catls
    └── tls.pem

Deploying your CA

Right now, we can fill out our CA Component. You can find this information from the Connection Profile of our IBM Blockchain Platform instance:

cahost: fft-zbc01c.4.secure.blockchain.ibm.com # CA URL without its port
caport: 20260 # CA's port number
caname: PeerOrg2CA # CA name
  1. To fill out the cacert portion run the following commands. You can find the CA TLS Certificate in the Connection Profile of your IBM Blockchain Platform instance: echo -e 'paste in Certificate Authority (CA) TLS Certificate' | base64 $FLAG The output from this command, has to be on one line:

    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFbERDQ0EzeWdBd0lCQWdJUUFmMmo2MjdLZGNpSVE0dHlTOCs4a1RBTkJna3Foa2lHOXcwQkFRc0ZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncweE16QXpNRGd4TWpBd01EQmFGdzB5TXpBek1EZ3hNakF3TURCYU1FMHhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEp6QWxCZ05WQkFNVEhrUnBaMmxEWlhKMElGTklRVElnDQpVMlZqZFhKbElGTmxjblpsY2lCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCDQpBTnl1V0pCTndjUXdGWkExVzI0OGdoWDFMRnk5NDl2L2NVUDZaQ1dBMU80WW9rM3dadEFLYzI0Um1EWVhaSzgzDQpuZjM2UVlTdng2K00vaHB6VGM4emw1Q2lsb2RUZ3l1NXBuVklMUjFXTjN2YU1USWExNnlyQnZTcVhVdTNSMGJkDQpLcFBEa0M1NWdJRHZFd1JxRkR1MW01Syt3Z2RsVHZ6YS9QOTZydHhjZmxVeERPZzVCNlRYdmkvVEMyclNzZDlmDQovbGQwVXpzMWdOMnVqa1NZczU4TzA5cmcxL1JyS2F0RXAwdFloRzJTUzRIRDJuT0xFcGRJa0FSRmRScmROekdYDQprdWpOVkEwNzVNRS9PVjR1dVBOY2ZoQ09oa0VBalVWbVI3Q2haYzZncWlrSlR2T1g2K2d1cXc5eXB6QU8rc2YwDQovUlIzdzZSYktGZkNzL21DL2JkRldKc0NBd0VBQWFPQ0FWb3dnZ0ZXTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDDQpBUUF3RGdZRFZSMFBBUUgvQkFRREFnR0dNRFFHQ0NzR0FRVUZCd0VCQkNnd0pqQWtCZ2dyQmdFRkJRY3dBWVlZDQphSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1Ic0dBMVVkSHdSME1ISXdONkExb0RPR01XaDBkSEE2DQpMeTlqY213ekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEUVM1amNtd3dONkExDQpvRE9HTVdoMGRIQTZMeTlqY213MExtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEDQpRUzVqY213d1BRWURWUjBnQkRZd05EQXlCZ1JWSFNBQU1Db3dLQVlJS3dZQkJRVUhBZ0VXSEdoMGRIQnpPaTh2DQpkM2QzTG1ScFoybGpaWEowTG1OdmJTOURVRk13SFFZRFZSME9CQllFRkErQVlSeUNNV0hWTHlqbmpVWTR0Q3poDQp4dG5pTUI4R0ExVWRJd1FZTUJhQUZBUGVVRFZXMFV5N1p2Q2o0aHNidzVleVBkRlZNQTBHQ1NxR1NJYjNEUUVCDQpDd1VBQTRJQkFRQWpQdDlMMGpGQ3BiWitRbHdhUk14cDBXaTBYVXZnQkNGc1MrSnR6TEhnbDQrbVV3bk5xaXBsDQo1VGxQSG9PbGJseVlvaVFtNXZ1aDdaUEhMZ0xHVFVxL3NFTGZlTnF6cVBsdC95R0ZVelpnVEhiTzdEamMxbEdBDQo4TVhXNWRSTkoyU3JtOGMrY2Z0SWw3Z3piY2tUQis2V29oc1lGZlpjVEVEdHM4THMvM0hCNDBmLzFMa0F0RGRDDQoyaURKNm02SzdoUUdybjJpV1ppSXFCdHZMZlR5eVJSZkpzOHNqWDd0TjhDcDFUbTVncjhaRE9vMHJ3QWhhUGl0DQpjK0xKTXRvNEpRdFYwNW9kOEdpRzdTNUJOTzk4cFZBZHZ6cjUwOEVJRE9idEhvcFlKZVM0ZDYwdGJ2VlMzYlIwDQpqNnRKTHAwN2t6UW9IM2pPbE9ySHZkUEpiUnplWERMeg0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEcnpDQ0FwZWdBd0lCQWdJUUNEdmdWcEJDUnJHaGRXckpXWkhIU2pBTkJna3Foa2lHOXcwQkFRVUZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncwd05qRXhNVEF3TURBd01EQmFGdzB6TVRFeE1UQXdNREF3TURCYU1HRXhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEdUQVhCZ05WQkFzVEVIZDNkeTVrYVdkcFkyVnlkQzVqDQpiMjB4SURBZUJnTlZCQU1URjBScFoybERaWEowSUVkc2IySmhiQ0JTYjI5MElFTkJNSUlCSWpBTkJna3Foa2lHDQo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNGp2aEVYTGVxS1RUbzFlcVVLS1BDM2VReWFLbDdoTE9sbHNCDQpDU0RNQVpPblRqQzNVL2REeEdrQVY1M2lqU0xkaHdaQUFJRUp6czRiZzcvZnpUdHhSdUxXWnNjRnMzWW5Gbzk3DQpuaDZWZmU2M1NLTUkydGF2ZWd3NUJtVi9TbDBmdkJmNHE3N3VLTmQwZjNwNG1WbUZhRzVjSXpKTHYwN0E2RnB0DQo0M0MvZHhDLy9BSDJoZG1vUkJCWU1xbDFHTlhSb3I1SDRpZHE5Sm96K0VrSVlJdlVYN1E2aEwraHFrcE1mVDdQDQpUMTlzZGw2Z1N6ZVJudHdpNW0zT0ZCcU9hc3YremJNVVpCZkhXeW1lTXIveTd2clRDMExVcTdkQk10b00xTy80DQpnZFc3alZnL3RSdm9TU2lpY05veEJOMzNzaGJ5VEFwT0I2anRTajFldFgramtNT3ZKd0lEQVFBQm8yTXdZVEFPDQpCZ05WSFE4QkFmOEVCQU1DQVlZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVUE5NVFOVmJSDQpUTHRtOEtQaUd4dkRsN0k5MFZVd0h3WURWUjBqQkJnd0ZvQVVBOTVRTlZiUlRMdG04S1BpR3h2RGw3STkwVlV3DQpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBTXVjTjZwSUV4SUsrdDFFbkU5U3NQVGZyZ1QxZVhrSW95UVkvRXNyDQpoTUF0dWRYSC92VEJIMWpMdUcyY2VuVG5tQ21yRWJYamNLQ2h6VXlJbVpPTWtYRGlxdzhjdnBPcC8yUFY1QWRnDQowNk8vblZzSjhkV080MVAwam1QNlA2ZmJ0R2JmWW1iVzBXNUJqZkl0dGVwM1NwK2RXT0lyV2NCQUkrMHRLSUpGDQpQbmxVa2lhWTRJQklxRGZ2OE5aNVlCYmVyT2dPelc2c1JCYzRMMG5hNFVVK0tyazJVODg2VUFiM0x1akVWMGxzDQpZU0VZMVFTdGVEd3NPb0JycCt1dkZSVHAySW5CdVRoczRwRnNpdjlrdVhjbFZ6REFHeVNqNGR6cDMwZDh0YlFrDQpDQVV3N0MyOUM3OUZ2MUM1cWZQcm1BRVNyY2lJeHBnMFg0MEtQTWJwMVpXVmJkND0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCgo
    

    For our Configuration:

    "catls": { "cacert":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFbERDQ0EzeWdBd0lCQWdJUUFmMmo2MjdLZGNpSVE0dHlTOCs4a1RBTkJna3Foa2lHOXcwQkFRc0ZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncweE16QXpNRGd4TWpBd01EQmFGdzB5TXpBek1EZ3hNakF3TURCYU1FMHhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEp6QWxCZ05WQkFNVEhrUnBaMmxEWlhKMElGTklRVElnDQpVMlZqZFhKbElGTmxjblpsY2lCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCDQpBTnl1V0pCTndjUXdGWkExVzI0OGdoWDFMRnk5NDl2L2NVUDZaQ1dBMU80WW9rM3dadEFLYzI0Um1EWVhaSzgzDQpuZjM2UVlTdng2K00vaHB6VGM4emw1Q2lsb2RUZ3l1NXBuVklMUjFXTjN2YU1USWExNnlyQnZTcVhVdTNSMGJkDQpLcFBEa0M1NWdJRHZFd1JxRkR1MW01Syt3Z2RsVHZ6YS9QOTZydHhjZmxVeERPZzVCNlRYdmkvVEMyclNzZDlmDQovbGQwVXpzMWdOMnVqa1NZczU4TzA5cmcxL1JyS2F0RXAwdFloRzJTUzRIRDJuT0xFcGRJa0FSRmRScmROekdYDQprdWpOVkEwNzVNRS9PVjR1dVBOY2ZoQ09oa0VBalVWbVI3Q2haYzZncWlrSlR2T1g2K2d1cXc5eXB6QU8rc2YwDQovUlIzdzZSYktGZkNzL21DL2JkRldKc0NBd0VBQWFPQ0FWb3dnZ0ZXTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDDQpBUUF3RGdZRFZSMFBBUUgvQkFRREFnR0dNRFFHQ0NzR0FRVUZCd0VCQkNnd0pqQWtCZ2dyQmdFRkJRY3dBWVlZDQphSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1Ic0dBMVVkSHdSME1ISXdONkExb0RPR01XaDBkSEE2DQpMeTlqY213ekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEUVM1amNtd3dONkExDQpvRE9HTVdoMGRIQTZMeTlqY213MExtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEDQpRUzVqY213d1BRWURWUjBnQkRZd05EQXlCZ1JWSFNBQU1Db3dLQVlJS3dZQkJRVUhBZ0VXSEdoMGRIQnpPaTh2DQpkM2QzTG1ScFoybGpaWEowTG1OdmJTOURVRk13SFFZRFZSME9CQllFRkErQVlSeUNNV0hWTHlqbmpVWTR0Q3poDQp4dG5pTUI4R0ExVWRJd1FZTUJhQUZBUGVVRFZXMFV5N1p2Q2o0aHNidzVleVBkRlZNQTBHQ1NxR1NJYjNEUUVCDQpDd1VBQTRJQkFRQWpQdDlMMGpGQ3BiWitRbHdhUk14cDBXaTBYVXZnQkNGc1MrSnR6TEhnbDQrbVV3bk5xaXBsDQo1VGxQSG9PbGJseVlvaVFtNXZ1aDdaUEhMZ0xHVFVxL3NFTGZlTnF6cVBsdC95R0ZVelpnVEhiTzdEamMxbEdBDQo4TVhXNWRSTkoyU3JtOGMrY2Z0SWw3Z3piY2tUQis2V29oc1lGZlpjVEVEdHM4THMvM0hCNDBmLzFMa0F0RGRDDQoyaURKNm02SzdoUUdybjJpV1ppSXFCdHZMZlR5eVJSZkpzOHNqWDd0TjhDcDFUbTVncjhaRE9vMHJ3QWhhUGl0DQpjK0xKTXRvNEpRdFYwNW9kOEdpRzdTNUJOTzk4cFZBZHZ6cjUwOEVJRE9idEhvcFlKZVM0ZDYwdGJ2VlMzYlIwDQpqNnRKTHAwN2t6UW9IM2pPbE9ySHZkUEpiUnplWERMeg0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEcnpDQ0FwZWdBd0lCQWdJUUNEdmdWcEJDUnJHaGRXckpXWkhIU2pBTkJna3Foa2lHOXcwQkFRVUZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncwd05qRXhNVEF3TURBd01EQmFGdzB6TVRFeE1UQXdNREF3TURCYU1HRXhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEdUQVhCZ05WQkFzVEVIZDNkeTVrYVdkcFkyVnlkQzVqDQpiMjB4SURBZUJnTlZCQU1URjBScFoybERaWEowSUVkc2IySmhiQ0JTYjI5MElFTkJNSUlCSWpBTkJna3Foa2lHDQo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNGp2aEVYTGVxS1RUbzFlcVVLS1BDM2VReWFLbDdoTE9sbHNCDQpDU0RNQVpPblRqQzNVL2REeEdrQVY1M2lqU0xkaHdaQUFJRUp6czRiZzcvZnpUdHhSdUxXWnNjRnMzWW5Gbzk3DQpuaDZWZmU2M1NLTUkydGF2ZWd3NUJtVi9TbDBmdkJmNHE3N3VLTmQwZjNwNG1WbUZhRzVjSXpKTHYwN0E2RnB0DQo0M0MvZHhDLy9BSDJoZG1vUkJCWU1xbDFHTlhSb3I1SDRpZHE5Sm96K0VrSVlJdlVYN1E2aEwraHFrcE1mVDdQDQpUMTlzZGw2Z1N6ZVJudHdpNW0zT0ZCcU9hc3YremJNVVpCZkhXeW1lTXIveTd2clRDMExVcTdkQk10b00xTy80DQpnZFc3alZnL3RSdm9TU2lpY05veEJOMzNzaGJ5VEFwT0I2anRTajFldFgramtNT3ZKd0lEQVFBQm8yTXdZVEFPDQpCZ05WSFE4QkFmOEVCQU1DQVlZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVUE5NVFOVmJSDQpUTHRtOEtQaUd4dkRsN0k5MFZVd0h3WURWUjBqQkJnd0ZvQVVBOTVRTlZiUlRMdG04S1BpR3h2RGw3STkwVlV3DQpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBTXVjTjZwSUV4SUsrdDFFbkU5U3NQVGZyZ1QxZVhrSW95UVkvRXNyDQpoTUF0dWRYSC92VEJIMWpMdUcyY2VuVG5tQ21yRWJYamNLQ2h6VXlJbVpPTWtYRGlxdzhjdnBPcC8yUFY1QWRnDQowNk8vblZzSjhkV080MVAwam1QNlA2ZmJ0R2JmWW1iVzBXNUJqZkl0dGVwM1NwK2RXT0lyV2NCQUkrMHRLSUpGDQpQbmxVa2lhWTRJQklxRGZ2OE5aNVlCYmVyT2dPelc2c1JCYzRMMG5hNFVVK0tyazJVODg2VUFiM0x1akVWMGxzDQpZU0VZMVFTdGVEd3NPb0JycCt1dkZSVHAySW5CdVRoczRwRnNpdjlrdVhjbFZ6REFHeVNqNGR6cDMwZDh0YlFrDQpDQVV3N0MyOUM3OUZ2MUM1cWZQcm1BRVNyY2lJeHBnMFg0MEtQTWJwMVpXVmJkND0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCgo"
    

    This is what our CA Component looks like now:

    "component": {
    "cahost": "fft-zbc01c.4.secure.blockchain.ibm.com",
    "caport": "20260",
    "caname": "PeerOrg2CA",
    "catls": {
     "cacert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFbERDQ0EzeWdBd0lCQWdJUUFmMmo2MjdLZGNpSVE0dHlTOCs4a1RBTkJna3Foa2lHOXcwQkFRc0ZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncweE16QXpNRGd4TWpBd01EQmFGdzB5TXpBek1EZ3hNakF3TURCYU1FMHhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEp6QWxCZ05WQkFNVEhrUnBaMmxEWlhKMElGTklRVElnDQpVMlZqZFhKbElGTmxjblpsY2lCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCDQpBTnl1V0pCTndjUXdGWkExVzI0OGdoWDFMRnk5NDl2L2NVUDZaQ1dBMU80WW9rM3dadEFLYzI0Um1EWVhaSzgzDQpuZjM2UVlTdng2K00vaHB6VGM4emw1Q2lsb2RUZ3l1NXBuVklMUjFXTjN2YU1USWExNnlyQnZTcVhVdTNSMGJkDQpLcFBEa0M1NWdJRHZFd1JxRkR1MW01Syt3Z2RsVHZ6YS9QOTZydHhjZmxVeERPZzVCNlRYdmkvVEMyclNzZDlmDQovbGQwVXpzMWdOMnVqa1NZczU4TzA5cmcxL1JyS2F0RXAwdFloRzJTUzRIRDJuT0xFcGRJa0FSRmRScmROekdYDQprdWpOVkEwNzVNRS9PVjR1dVBOY2ZoQ09oa0VBalVWbVI3Q2haYzZncWlrSlR2T1g2K2d1cXc5eXB6QU8rc2YwDQovUlIzdzZSYktGZkNzL21DL2JkRldKc0NBd0VBQWFPQ0FWb3dnZ0ZXTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDDQpBUUF3RGdZRFZSMFBBUUgvQkFRREFnR0dNRFFHQ0NzR0FRVUZCd0VCQkNnd0pqQWtCZ2dyQmdFRkJRY3dBWVlZDQphSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1Ic0dBMVVkSHdSME1ISXdONkExb0RPR01XaDBkSEE2DQpMeTlqY213ekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEUVM1amNtd3dONkExDQpvRE9HTVdoMGRIQTZMeTlqY213MExtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEDQpRUzVqY213d1BRWURWUjBnQkRZd05EQXlCZ1JWSFNBQU1Db3dLQVlJS3dZQkJRVUhBZ0VXSEdoMGRIQnpPaTh2DQpkM2QzTG1ScFoybGpaWEowTG1OdmJTOURVRk13SFFZRFZSME9CQllFRkErQVlSeUNNV0hWTHlqbmpVWTR0Q3poDQp4dG5pTUI4R0ExVWRJd1FZTUJhQUZBUGVVRFZXMFV5N1p2Q2o0aHNidzVleVBkRlZNQTBHQ1NxR1NJYjNEUUVCDQpDd1VBQTRJQkFRQWpQdDlMMGpGQ3BiWitRbHdhUk14cDBXaTBYVXZnQkNGc1MrSnR6TEhnbDQrbVV3bk5xaXBsDQo1VGxQSG9PbGJseVlvaVFtNXZ1aDdaUEhMZ0xHVFVxL3NFTGZlTnF6cVBsdC95R0ZVelpnVEhiTzdEamMxbEdBDQo4TVhXNWRSTkoyU3JtOGMrY2Z0SWw3Z3piY2tUQis2V29oc1lGZlpjVEVEdHM4THMvM0hCNDBmLzFMa0F0RGRDDQoyaURKNm02SzdoUUdybjJpV1ppSXFCdHZMZlR5eVJSZkpzOHNqWDd0TjhDcDFUbTVncjhaRE9vMHJ3QWhhUGl0DQpjK0xKTXRvNEpRdFYwNW9kOEdpRzdTNUJOTzk4cFZBZHZ6cjUwOEVJRE9idEhvcFlKZVM0ZDYwdGJ2VlMzYlIwDQpqNnRKTHAwN2t6UW9IM2pPbE9ySHZkUEpiUnplWERMeg0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEcnpDQ0FwZWdBd0lCQWdJUUNEdmdWcEJDUnJHaGRXckpXWkhIU2pBTkJna3Foa2lHOXcwQkFRVUZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncwd05qRXhNVEF3TURBd01EQmFGdzB6TVRFeE1UQXdNREF3TURCYU1HRXhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEdUQVhCZ05WQkFzVEVIZDNkeTVrYVdkcFkyVnlkQzVqDQpiMjB4SURBZUJnTlZCQU1URjBScFoybERaWEowSUVkc2IySmhiQ0JTYjI5MElFTkJNSUlCSWpBTkJna3Foa2lHDQo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNGp2aEVYTGVxS1RUbzFlcVVLS1BDM2VReWFLbDdoTE9sbHNCDQpDU0RNQVpPblRqQzNVL2REeEdrQVY1M2lqU0xkaHdaQUFJRUp6czRiZzcvZnpUdHhSdUxXWnNjRnMzWW5Gbzk3DQpuaDZWZmU2M1NLTUkydGF2ZWd3NUJtVi9TbDBmdkJmNHE3N3VLTmQwZjNwNG1WbUZhRzVjSXpKTHYwN0E2RnB0DQo0M0MvZHhDLy9BSDJoZG1vUkJCWU1xbDFHTlhSb3I1SDRpZHE5Sm96K0VrSVlJdlVYN1E2aEwraHFrcE1mVDdQDQpUMTlzZGw2Z1N6ZVJudHdpNW0zT0ZCcU9hc3YremJNVVpCZkhXeW1lTXIveTd2clRDMExVcTdkQk10b00xTy80DQpnZFc3alZnL3RSdm9TU2lpY05veEJOMzNzaGJ5VEFwT0I2anRTajFldFgramtNT3ZKd0lEQVFBQm8yTXdZVEFPDQpCZ05WSFE4QkFmOEVCQU1DQVlZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVUE5NVFOVmJSDQpUTHRtOEtQaUd4dkRsN0k5MFZVd0h3WURWUjBqQkJnd0ZvQVVBOTVRTlZiUlRMdG04S1BpR3h2RGw3STkwVlV3DQpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBTXVjTjZwSUV4SUsrdDFFbkU5U3NQVGZyZ1QxZVhrSW95UVkvRXNyDQpoTUF0dWRYSC92VEJIMWpMdUcyY2VuVG5tQ21yRWJYamNLQ2h6VXlJbVpPTWtYRGlxdzhjdnBPcC8yUFY1QWRnDQowNk8vblZzSjhkV080MVAwam1QNlA2ZmJ0R2JmWW1iVzBXNUJqZkl0dGVwM1NwK2RXT0lyV2NCQUkrMHRLSUpGDQpQbmxVa2lhWTRJQklxRGZ2OE5aNVlCYmVyT2dPelc2c1JCYzRMMG5hNFVVK0tyazJVODg2VUFiM0x1akVWMGxzDQpZU0VZMVFTdGVEd3NPb0JycCt1dkZSVHAySW5CdVRoczRwRnNpdjlrdVhjbFZ6REFHeVNqNGR6cDMwZDh0YlFrDQpDQVV3N0MyOUM3OUZ2MUM1cWZQcm1BRVNyY2lJeHBnMFg0MEtQTWJwMVpXVmJkND0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCgo="
    

    Deploying your Peer - CA Component Note: I am here.

  2. Register your Peer: Registering your Peer - CA Component

  3. For our configuration file, we can fill out a little more:

    enrollid: yourpeer
    enrollsecret: yourpeerpw
    

    Here is what this looks like within our configuration file:

    "enrollid": "yourpeer",
    "enrollsecret": "yourpeerpw",
    

    Note: I am here.

  4. Register your Admin Peer. Registering your Admin Peer

  5. We need to create a couple more directories and make an export:

    Austins-MacBook-Pro:fabric-ca-client Austin$ mkdir peer-admin
    Austins-MacBook-Pro:fabric-ca-client Austin$ mkdir tls-ibp
    Austins-MacBook-Pro:fabric-ca-client Austin$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca-client/peer-admin
    
  6. Now, download your root cert for either your Starter or Enterprise Plan and copy it into your tls-ibp directory: Austins-MacBook-Pro:Downloads Austin$ cp 3.secure.blockchain.ibm.com.rootcert $HOME/fabric-ca-client/tls-ibp/tls.pem

  7. We need to generate certificates for our Peer Admin that we just registered. We will do so with the following command:

    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://<admin peer name>:<admin peer secret>@<CA URL with Port> --caname <CA Name in Connection Profile> --tls.certfiles <path to tls-ibp/tls.pem>
    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://youradminpeer:youradminpeerpw@fft-zbc01c.4.secure.blockchain.ibm.com:20260 --caname PeerOrg2CA --tls.certfiles $HOME/fabric-ca-client/tls-ibp/tls.pem
    2018/12/03 21:30:38 [INFO] Created a default configuration file at /Users/Austin/fabric-ca-client/peer-admin/fabric-ca-client-config.yaml
    2018/12/03 21:30:38 [INFO] TLS Enabled
    2018/12/03 21:30:38 [INFO] generating key: &{A:ecdsa S:256}
    2018/12/03 21:30:38 [INFO] encoded CSR
    2018/12/03 21:30:43 [INFO] Stored client certificate at /Users/Austin/fabric-ca-client/peer-admin/msp/signcerts/cert.pem
    2018/12/03 21:30:43 [INFO] Stored root CA certificate at /Users/Austin/fabric-ca-client/peer-admin/msp/cacerts/fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    2018/12/03 21:30:43 [INFO] Stored intermediate CA certificates at /Users/Austin/fabric-ca-client/peer-admin/msp/intermediatecerts/fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    

    Here is what our tree should look like now:

    Austins-MacBook-Pro:fabric-ca-client Austin$ tree
    .
    ├── ca-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── 9-12-19-115-30969-SampleOrgCA.pem
    │       ├── keystore
    │       │   └── c89f8083a93fed8fb03687bbbccd76f069443faccba9d1a3656adbf6e944142c_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    ├── catls
    │     └── tls.pem
    ├── peer-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── intermediatecerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── keystore
    │       │   └── dcf99af71d0bc61f8882b093ea3efbf35e34bafe056a555f37fd5f1c3177421f_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    └── tls-ibp
       └── tls.pem
    

    Peer Admin Tree

  8. We now need to discover open our peer-admin’s cert so that we can continue to fill our configuration: Austins-MacBook-Pro:fabric-ca-client Austin$ cat $HOME/fabric-ca-client/peer-admin/msp/signcerts/cert.pem | base64 $FLAG Take that certificate and then place it in the admincert portion of our configuration file:

    "enrollid": "yourpeer",
    "enrollsecret": "yourpeerpw",
    "admincerts":   ["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5ekNDQW5LZ0F3SUJBZ0lVQkJXU3RQSDZNVUsxMnVQMSt4WWJ6ZXJtanJvd0NnWUlLb1pJemowRUF3SXcKUlRFb01Ba0dBMVVFQ3hNQ1kyRXdDZ1lEVlFRTEV3TnBZbkF3RHdZRFZRUUxFd2hRWldWeVQzSm5NakVaTUJjRwpBMVVFQXhNUVlXUnRhVzVRWldWeVQzSm5Na05CTWpBZUZ3MHhPREV4TWpneE16QTBNREJhRncweE9URXhNamd4Ck16QTVNREJhTUlHSU1Rc3dDUVlEVlFRR0V3SlZVekVYTUJVR0ExVUVDQk1PVG05eWRHZ2dRMkZ5YjJ4cGJtRXgKRkRBU0JnTlZCQW9UQzBoNWNHVnliR1ZrWjJWeU1Tb3dDd1lEVlFRTEV3UndaV1Z5TUFvR0ExVUVDeE1EYVdKdwpNQThHQTFVRUN4TUlVR1ZsY2s5eVp6SXhIakFjQmdOVkJBTVRGV0YxYzNScGJqRXdNQzFoWkcxcGJuQmxaWEl4Ck16QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJJSy9HeEMyaU9Pd3NTZHZ1bG9Sa0N2M28vcmEKTDZCbytyTTR5OXdlaWFXRmRRWUVYYnBtbjh6MzBQNXVTVFhCaXVWQi9mS05jUDZjOEdwYWJyUmtYckNqZ2ZzdwpnZmd3RGdZRFZSMFBBUUgvQkFRREFnZUFNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZEeFZQcFJYCit3aEZJRUtFVlltelcxOW5iZ1JHTUI4R0ExVWRJd1FZTUJhQUZISHZKZXNvQmVvcEMxWU04a0MzNENTSkxNbksKTUNRR0ExVWRFUVFkTUJ1Q0dVRjFjM1JwYm5NdFRXRmpRbTl2YXkxUWNtOHViRzlqWVd3d2NnWUlLZ01FQlFZSApDQUVFWm5zaVlYUjBjbk1pT25zaWFHWXVRV1ptYVd4cFlYUnBiMjRpT2lKcFluQXVVR1ZsY2s5eVp6SWlMQ0pvClppNUZibkp2Ykd4dFpXNTBTVVFpT2lKaGRYTjBhVzR4TURBdFlXUnRhVzV3WldWeU1UTWlMQ0pvWmk1VWVYQmwKSWpvaWNHVmxjaUo5ZlRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlBNFNpM3Z5Qk9lMmpyVVhQb3BWWWtYdVRneAo0Q1BDbk41Z2VFd1I4UUx5RlFJZ0lGU08xRFpjd1BTN1IyYlE4dFEvWEdrdWR5RWtWWXVqaEV1T3hyc0g4eTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"]
    

    Admincert

    Note: I am here.

    We can continue to fill out our configuration file with some more information. This information all falls under the tls section:

    cahost": 9.12.19.115 # Your CA URL without its port
    caport": 31216 # Your CA port
    caname": tlsca # Your CA name from your CA deployment
    

    We can also get our certificate: Austins-MacBook-Pro:fabric-ca-client Austin$ cat $HOME/fabric-ca-client/catls/tls.pem | base64 $FLAG Get your certificate You can take that output and place it in the configuration file:

    "tls": {
    "cahost": "9.12.19.115",
    "caport": "30969",
    "caname": "tlsca",
    "catls": {
     "cacert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNGakNDQWIyZ0F3SUJBZ0lVR0xkeFc5eUxiK08rVW1IRmtRN0tkSE5MR3drd0NnWUlLb1pJemowRUF3SXcKYURFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFUE1BMEdBMVVFQ3hNR1JtRmljbWxqTVJrd0Z3WURWUVFERXhCbVlXSnlhV010ClkyRXRjMlZ5ZG1WeU1CNFhEVEU0TVRFeU9EQXdOREV3TUZvWERUTXpNVEV5TkRBd05ERXdNRm93YURFTE1Ba0cKQTFVRUJoTUNWVk14RnpBVkJnTlZCQWdURGs1dmNuUm9JRU5oY205c2FXNWhNUlF3RWdZRFZRUUtFd3RJZVhCbApjbXhsWkdkbGNqRVBNQTBHQTFVRUN4TUdSbUZpY21sak1Sa3dGd1lEVlFRREV4Qm1ZV0p5YVdNdFkyRXRjMlZ5CmRtVnlNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVVWlhJNTNkV1k4ZVFqUjFMWVFXVjZWNmEKaHBIa1pWT0xOUUdiNFdzRlJ0VCtFZnk0WjNtNWs2VHpJOWptYjFNWWdxK0pYUkZnSE1sbEs1UEpjMkRCUTZORgpNRU13RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQkFmOENBUUV3SFFZRFZSME9CQllFCkZLUDh6NVZyZXVVV29JY2IxR2ZBMzR6N1B5N1pNQW9HQ0NxR1NNNDlCQU1DQTBjQU1FUUNJSFlBby9nVExCM3kKQmVTOS9qa296amRSVTFUa1pkekJYLzdMTWdjUWpkcktBaUJTUDByUGFza3E1ZXpqeTB4WW5wVWlQbmJER2VWdwplSnlKd2V0aWxQV2tMUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
    

    Note: I am here.

  9. We are going to make a new directory and an export:

    Austins-MacBook-Pro:fabric-ca-client Austin$ cd $HOME/fabric-ca-client
    Austins-MacBook-Pro:fabric-ca-client Austin$ mkdir tlsca-admin
    Austins-MacBook-Pro:fabric-ca-client Austin$ export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca-client/tlsca-admin
    
  10. Now we can generate the certificates of our TLS CA Admin:

    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://<Username for CA secret>:<Password for CA secret@<Your CA Deployment with URL> --caname <Your Deployed CA Name> --tls.certfiles >Path to catls/tls.pem file>
    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client enroll -u https://admin:adminpw@9.12.19.115:31216 --caname tlsca --tls.certfiles $HOME/fabric-ca-client/catls/tls.pem
    2018/12/03 21:35:40 [INFO] Created a default configuration file at /Users/Austin/fabric-ca-client/tlsca-admin/fabric-ca-client-config.yaml
    2018/12/03 21:35:40 [INFO] TLS Enabled
    2018/12/03 21:35:40 [INFO] generating key: &{A:ecdsa S:256}
    2018/12/03 21:35:40 [INFO] encoded CSR
    2018/12/03 21:35:49 [INFO] Stored client certificate at /Users/Austin/fabric-ca-client/tlsca-admin/msp/signcerts/cert.pem
    2018/12/03 21:35:49 [INFO] Stored root CA certificate at /Users/Austin/fabric-ca-client/tlsca-admin/msp/cacerts/9-12-19-115-31216-tlsca.pem
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ tree
    .
    ├── ca-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── 9-12-19-115-31216-SampleOrgCA.pem
    │       ├── keystore
    │       │   └── a72fbe74891ef2b35a6140aa99b2fa7548e67d172b6f23f85e2a22794d3f84cf_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    ├── catls
    │   └── tls.pem
    ├── peer-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── intermediatecerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── keystore
    │       │   └── 58f4439e500abafec4e9cd9f88e511890f75b0d86dc9660fff70ebc90db643e4_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    ├── tls-ibp
    │   └── tls.pem
    └── tlsca-admin
      ├── fabric-ca-client-config.yaml
      └── msp
          ├── cacerts
          │   └── 9-12-19-115-31216-tlsca.pem
          ├── keystore
          │   └── 1e5d117b437454621bb42dcca0fd14726faa5cbd222373404fc83bd7ef3fbca1_sk
          ├── signcerts
          │   └── cert.pem
          └── user
    

    Generate certificates of TLS CA Admin

  11. Now, we can determine what our affiliation is:

    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client affiliation list --caname <CA caname> --tls.certfiles <Path to /catls/tls.pem file>
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client affiliation list --caname tlsca --tls.certfiles $HOME/fabric-ca-client/catls/tls.pem
    affiliation: .
    affiliation: org2
      affiliation: org2.department1
    affiliation: org1
      affiliation: org1.department1
      affiliation: org1.department2
    
  12. Now we need to register our peer:

    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client register --caname <Your CA Deployed CA name> --id.affiliation <Your affiliation> --id.name <Peer name> --id.secret <Peer secret> --id.type peer --tls.certfiles <Path to /catls/tls.pem file>
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ fabric-ca-client register --caname tlsca --id.affiliation org1.department1 --id.name yourtlspeer --id.secret yourtlspeerpw --id.type peer --tls.certfiles /Users/Austin/fabric-ca-client/catls/tls.pem
    2018/12/03 21:38:33 [INFO] Configuration file location: /Users/Austin/fabric-ca-client/tlsca-admin/fabric-ca-client-config.yaml
    2018/12/03 21:38:33 [INFO] TLS Enabled
    2018/12/03 21:38:33 [INFO] TLS Enabled
    Password: yourtlspeerpw
    

    Fill our  more information for configuration file We can now fill out more information for our configuration file:

    "enrollid": "yourtlspeer",
    "enrollsecret": "yourtlspeerpw"
    
  13. For the CSR section of the configuration file, we need to add our proxy node IP address and then what we are going to call our peer helm chart:

    "csr": {
    "hosts": [
    "9.12.19.115",
    "yourpeer"
    ]
    }
    

    Note: I am here.

    We filled our entire configuration fill. Here is an example of a filled out configuration file that I’m calling secret.json:

    {
    "enrollment": {
    "component": {
      "cahost": "fft-zbc01c.4.secure.blockchain.ibm.com",
      "caport": "20260",
      "caname": "PeerOrg2CA",
      "catls": {
        "cacert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFbERDQ0EzeWdBd0lCQWdJUUFmMmo2MjdLZGNpSVE0dHlTOCs4a1RBTkJna3Foa2lHOXcwQkFRc0ZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncweE16QXpNRGd4TWpBd01EQmFGdzB5TXpBek1EZ3hNakF3TURCYU1FMHhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEp6QWxCZ05WQkFNVEhrUnBaMmxEWlhKMElGTklRVElnDQpVMlZqZFhKbElGTmxjblpsY2lCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCDQpBTnl1V0pCTndjUXdGWkExVzI0OGdoWDFMRnk5NDl2L2NVUDZaQ1dBMU80WW9rM3dadEFLYzI0Um1EWVhaSzgzDQpuZjM2UVlTdng2K00vaHB6VGM4emw1Q2lsb2RUZ3l1NXBuVklMUjFXTjN2YU1USWExNnlyQnZTcVhVdTNSMGJkDQpLcFBEa0M1NWdJRHZFd1JxRkR1MW01Syt3Z2RsVHZ6YS9QOTZydHhjZmxVeERPZzVCNlRYdmkvVEMyclNzZDlmDQovbGQwVXpzMWdOMnVqa1NZczU4TzA5cmcxL1JyS2F0RXAwdFloRzJTUzRIRDJuT0xFcGRJa0FSRmRScmROekdYDQprdWpOVkEwNzVNRS9PVjR1dVBOY2ZoQ09oa0VBalVWbVI3Q2haYzZncWlrSlR2T1g2K2d1cXc5eXB6QU8rc2YwDQovUlIzdzZSYktGZkNzL21DL2JkRldKc0NBd0VBQWFPQ0FWb3dnZ0ZXTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDDQpBUUF3RGdZRFZSMFBBUUgvQkFRREFnR0dNRFFHQ0NzR0FRVUZCd0VCQkNnd0pqQWtCZ2dyQmdFRkJRY3dBWVlZDQphSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1Ic0dBMVVkSHdSME1ISXdONkExb0RPR01XaDBkSEE2DQpMeTlqY213ekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEUVM1amNtd3dONkExDQpvRE9HTVdoMGRIQTZMeTlqY213MExtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JEDQpRUzVqY213d1BRWURWUjBnQkRZd05EQXlCZ1JWSFNBQU1Db3dLQVlJS3dZQkJRVUhBZ0VXSEdoMGRIQnpPaTh2DQpkM2QzTG1ScFoybGpaWEowTG1OdmJTOURVRk13SFFZRFZSME9CQllFRkErQVlSeUNNV0hWTHlqbmpVWTR0Q3poDQp4dG5pTUI4R0ExVWRJd1FZTUJhQUZBUGVVRFZXMFV5N1p2Q2o0aHNidzVleVBkRlZNQTBHQ1NxR1NJYjNEUUVCDQpDd1VBQTRJQkFRQWpQdDlMMGpGQ3BiWitRbHdhUk14cDBXaTBYVXZnQkNGc1MrSnR6TEhnbDQrbVV3bk5xaXBsDQo1VGxQSG9PbGJseVlvaVFtNXZ1aDdaUEhMZ0xHVFVxL3NFTGZlTnF6cVBsdC95R0ZVelpnVEhiTzdEamMxbEdBDQo4TVhXNWRSTkoyU3JtOGMrY2Z0SWw3Z3piY2tUQis2V29oc1lGZlpjVEVEdHM4THMvM0hCNDBmLzFMa0F0RGRDDQoyaURKNm02SzdoUUdybjJpV1ppSXFCdHZMZlR5eVJSZkpzOHNqWDd0TjhDcDFUbTVncjhaRE9vMHJ3QWhhUGl0DQpjK0xKTXRvNEpRdFYwNW9kOEdpRzdTNUJOTzk4cFZBZHZ6cjUwOEVJRE9idEhvcFlKZVM0ZDYwdGJ2VlMzYlIwDQpqNnRKTHAwN2t6UW9IM2pPbE9ySHZkUEpiUnplWERMeg0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEcnpDQ0FwZWdBd0lCQWdJUUNEdmdWcEJDUnJHaGRXckpXWkhIU2pBTkJna3Foa2lHOXcwQkFRVUZBREJoDQpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFXTmxjblF1WTI5dE1TQXdIZ1lEVlFRREV4ZEVhV2RwUTJWeWRDQkhiRzlpWVd3Z1VtOXZkQ0JEDQpRVEFlRncwd05qRXhNVEF3TURBd01EQmFGdzB6TVRFeE1UQXdNREF3TURCYU1HRXhDekFKQmdOVkJBWVRBbFZUDQpNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEdUQVhCZ05WQkFzVEVIZDNkeTVrYVdkcFkyVnlkQzVqDQpiMjB4SURBZUJnTlZCQU1URjBScFoybERaWEowSUVkc2IySmhiQ0JTYjI5MElFTkJNSUlCSWpBTkJna3Foa2lHDQo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNGp2aEVYTGVxS1RUbzFlcVVLS1BDM2VReWFLbDdoTE9sbHNCDQpDU0RNQVpPblRqQzNVL2REeEdrQVY1M2lqU0xkaHdaQUFJRUp6czRiZzcvZnpUdHhSdUxXWnNjRnMzWW5Gbzk3DQpuaDZWZmU2M1NLTUkydGF2ZWd3NUJtVi9TbDBmdkJmNHE3N3VLTmQwZjNwNG1WbUZhRzVjSXpKTHYwN0E2RnB0DQo0M0MvZHhDLy9BSDJoZG1vUkJCWU1xbDFHTlhSb3I1SDRpZHE5Sm96K0VrSVlJdlVYN1E2aEwraHFrcE1mVDdQDQpUMTlzZGw2Z1N6ZVJudHdpNW0zT0ZCcU9hc3YremJNVVpCZkhXeW1lTXIveTd2clRDMExVcTdkQk10b00xTy80DQpnZFc3alZnL3RSdm9TU2lpY05veEJOMzNzaGJ5VEFwT0I2anRTajFldFgramtNT3ZKd0lEQVFBQm8yTXdZVEFPDQpCZ05WSFE4QkFmOEVCQU1DQVlZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVUE5NVFOVmJSDQpUTHRtOEtQaUd4dkRsN0k5MFZVd0h3WURWUjBqQkJnd0ZvQVVBOTVRTlZiUlRMdG04S1BpR3h2RGw3STkwVlV3DQpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBTXVjTjZwSUV4SUsrdDFFbkU5U3NQVGZyZ1QxZVhrSW95UVkvRXNyDQpoTUF0dWRYSC92VEJIMWpMdUcyY2VuVG5tQ21yRWJYamNLQ2h6VXlJbVpPTWtYRGlxdzhjdnBPcC8yUFY1QWRnDQowNk8vblZzSjhkV080MVAwam1QNlA2ZmJ0R2JmWW1iVzBXNUJqZkl0dGVwM1NwK2RXT0lyV2NCQUkrMHRLSUpGDQpQbmxVa2lhWTRJQklxRGZ2OE5aNVlCYmVyT2dPelc2c1JCYzRMMG5hNFVVK0tyazJVODg2VUFiM0x1akVWMGxzDQpZU0VZMVFTdGVEd3NPb0JycCt1dkZSVHAySW5CdVRoczRwRnNpdjlrdVhjbFZ6REFHeVNqNGR6cDMwZDh0YlFrDQpDQVV3N0MyOUM3OUZ2MUM1cWZQcm1BRVNyY2lJeHBnMFg0MEtQTWJwMVpXVmJkND0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCgo="
      },
      "enrollid": "yourpeer",
      "enrollsecret": "yourpeerpw",
      "admincerts": ["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5ekNDQW5LZ0F3SUJBZ0lVQkJXU3RQSDZNVUsxMnVQMSt4WWJ6ZXJtanJvd0NnWUlLb1pJemowRUF3SXcKUlRFb01Ba0dBMVVFQ3hNQ1kyRXdDZ1lEVlFRTEV3TnBZbkF3RHdZRFZRUUxFd2hRWldWeVQzSm5NakVaTUJjRwpBMVVFQXhNUVlXUnRhVzVRWldWeVQzSm5Na05CTWpBZUZ3MHhPREV4TWpneE16QTBNREJhRncweE9URXhNamd4Ck16QTVNREJhTUlHSU1Rc3dDUVlEVlFRR0V3SlZVekVYTUJVR0ExVUVDQk1PVG05eWRHZ2dRMkZ5YjJ4cGJtRXgKRkRBU0JnTlZCQW9UQzBoNWNHVnliR1ZrWjJWeU1Tb3dDd1lEVlFRTEV3UndaV1Z5TUFvR0ExVUVDeE1EYVdKdwpNQThHQTFVRUN4TUlVR1ZsY2s5eVp6SXhIakFjQmdOVkJBTVRGV0YxYzNScGJqRXdNQzFoWkcxcGJuQmxaWEl4Ck16QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJJSy9HeEMyaU9Pd3NTZHZ1bG9Sa0N2M28vcmEKTDZCbytyTTR5OXdlaWFXRmRRWUVYYnBtbjh6MzBQNXVTVFhCaXVWQi9mS05jUDZjOEdwYWJyUmtYckNqZ2ZzdwpnZmd3RGdZRFZSMFBBUUgvQkFRREFnZUFNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZEeFZQcFJYCit3aEZJRUtFVlltelcxOW5iZ1JHTUI4R0ExVWRJd1FZTUJhQUZISHZKZXNvQmVvcEMxWU04a0MzNENTSkxNbksKTUNRR0ExVWRFUVFkTUJ1Q0dVRjFjM1JwYm5NdFRXRmpRbTl2YXkxUWNtOHViRzlqWVd3d2NnWUlLZ01FQlFZSApDQUVFWm5zaVlYUjBjbk1pT25zaWFHWXVRV1ptYVd4cFlYUnBiMjRpT2lKcFluQXVVR1ZsY2s5eVp6SWlMQ0pvClppNUZibkp2Ykd4dFpXNTBTVVFpT2lKaGRYTjBhVzR4TURBdFlXUnRhVzV3WldWeU1UTWlMQ0pvWmk1VWVYQmwKSWpvaWNHVmxjaUo5ZlRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlBNFNpM3Z5Qk9lMmpyVVhQb3BWWWtYdVRneAo0Q1BDbk41Z2VFd1I4UUx5RlFJZ0lGU08xRFpjd1BTN1IyYlE4dFEvWEdrdWR5RWtWWXVqaEV1T3hyc0g4eTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"]
      },
      "tls": {
        "cahost": "9.12.19.115",
        "caport": "30969",
        "caname": "tlsca",
        "catls": {
          "cacert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNGakNDQWIyZ0F3SUJBZ0lVR0xkeFc5eUxiK08rVW1IRmtRN0tkSE5MR3drd0NnWUlLb1pJemowRUF3SXcKYURFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFUE1BMEdBMVVFQ3hNR1JtRmljbWxqTVJrd0Z3WURWUVFERXhCbVlXSnlhV010ClkyRXRjMlZ5ZG1WeU1CNFhEVEU0TVRFeU9EQXdOREV3TUZvWERUTXpNVEV5TkRBd05ERXdNRm93YURFTE1Ba0cKQTFVRUJoTUNWVk14RnpBVkJnTlZCQWdURGs1dmNuUm9JRU5oY205c2FXNWhNUlF3RWdZRFZRUUtFd3RJZVhCbApjbXhsWkdkbGNqRVBNQTBHQTFVRUN4TUdSbUZpY21sak1Sa3dGd1lEVlFRREV4Qm1ZV0p5YVdNdFkyRXRjMlZ5CmRtVnlNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVVWlhJNTNkV1k4ZVFqUjFMWVFXVjZWNmEKaHBIa1pWT0xOUUdiNFdzRlJ0VCtFZnk0WjNtNWs2VHpJOWptYjFNWWdxK0pYUkZnSE1sbEs1UEpjMkRCUTZORgpNRU13RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQkFmOENBUUV3SFFZRFZSME9CQllFCkZLUDh6NVZyZXVVV29JY2IxR2ZBMzR6N1B5N1pNQW9HQ0NxR1NNNDlCQU1DQTBjQU1FUUNJSFlBby9nVExCM3kKQmVTOS9qa296amRSVTFUa1pkekJYLzdMTWdjUWpkcktBaUJTUDByUGFza3E1ZXpqeTB4WW5wVWlQbmJER2VWdwplSnlKd2V0aWxQV2tMUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
       },
       "enrollid": "yourtlspeer",
       "enrollsecret": "yourtlspeerpw",
       "csr": {
        "hosts": [
        "9.12.19.115",
        "yourpeer"
        ]
      }
    }
    }
    }
    

    You can now make your configuration file (secret.json). Here is a tree command to ensure that you have everything you will need:

    Austins-MacBook-Pro:fabric-ca-client Austin$ tree
    .
    ├── ca-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── 9-12-19-115-30969-SampleOrgCA.pem
    │       ├── keystore
    │       │   └── c89f8083a93fed8fb03687bbbccd76f069443faccba9d1a3656adbf6e944142c_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    ├── catls
    │   └── tls.pem
    ├── peer-admin
    │   ├── fabric-ca-client-config.yaml
    │   └── msp
    │       ├── cacerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── intermediatecerts
    │       │   └── fft-zbc01c-4-secure-blockchain-ibm-com-20260-PeerOrg2CA.pem
    │       ├── keystore
    │       │   └── dcf99af71d0bc61f8882b093ea3efbf35e34bafe056a555f37fd5f1c3177421f_sk
    │       ├── signcerts
    │       │   └── cert.pem
    │       └── user
    ├── secret.json
    ├── tls-ibp
    │   └── tls.pem
    └── tlsca-admin
    ├── fabric-ca-client-config.yaml
    └── msp
        ├── cacerts
        │   └── 9-12-19-115-30969-tlsca.pem
        ├── keystore
        │   └── 29c3416c79de6727b87a34029277879d05dab75a8845db4432b17230baafa3f8_sk
        ├── signcerts
        │   └── cert.pem
        └── user
    
  14. We need to take our secret.json file and encode it into base64 format in order to put it in IBM Cloud Private:
    Austins-MacBook-Pro:fabric-ca-client Austin$ cat secret.json | base64 $FLAG

    Optional
    While we are here, let’s actually encode our CouchDB information that we will use later:
    Austins-MacBook-Pro:fabric-ca-client Austin$ echo -n 'admin' | base64 $FLAG

    Encode CouchDB info Let’s go into ICP and create our Peer’s secret. Also, we will create the secret information that’s required to enable CouchDB as your state database. Finish by actually deploying peer Confirm your Peer To confirm your Peer is working, you can confirm by checking the logs of the init container:

    Austins-MacBook-Pro:fabric-ca-client Austin$ kubectl logs <Your Peer's Pod> -c init | grep EXIT
    Austins-MacBook-Pro:fabric-ca-client Austin$ kubectl logs yourpeer-74b89b485f-bmfs9 -c init | grep EXIT
    EXIT WITH RC=0 #
    

Operate your Peer

This is the document that I’m following: https://ibm.co/2KL3YJZ
I am here: https://ibm.co/2PilGVW

Your Peer’s URL is simply the proxy node’s IP address.

  1. For your Peer’s port, we can do the next command:

    Austins-MacBook-Pro:fabric-ca-client Austin$ kubectl get service <Your Peer Helm Release>
    
    Austins-MacBook-Pro:fabric-ca-client Austin$ kubectl get service yourpeer
    NAME       TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                                        AGE
    yourpeer   NodePort   192.168.1.11   <none>        7051:31444/TCP,7052:31532/TCP,7053:32476/TCP   2m
    

    Peer port

    Note: I am here.

  2. We’ll do step 3 from the Peer’s Helm Release:

    Austins-MacBook-Pro:fabric-ca-client Austin$ cd peer-tls
    Austins-MacBook-Pro:peer-tls Austin$ export POD_NAME=$(kubectl get pods --namespace bcaas-usa -l "release=yourpeer" -o jsonpath="{.items[0].metadata.name}")
    Austins-MacBook-Pro:peer-tls Austin$ kubectl exec $POD_NAME -- cat  /certs/tls/signcerts/cert.pem > peer-tls.pem
    
  3. We will now grab the certificate that we will feed into IBM Blockchain Platform:

    Austins-MacBook-Pro:fabric-ca-client Austin$ cd $HOME/fabric-ca-client/peer-admin/msp
    Austins-MacBook-Pro:msp Austin$ mkdir admincerts
    Austins-MacBook-Pro:msp Austin$ cp signcerts/cert.pem admincerts/cert.pem
    Austins-MacBook-Pro:msp Austin$ cat admincerts/cert.pem
    

    Take the cert.pem file and go into the IBM Blockchain platform. Once in the platform, navigate to the Members section on the left. Then, select Certificates and add your certificate. It will prompt you to restart all the peers, which you want to do. Once the peers restart, navigate to the channels. Once you are there, click on the three dots under Actions with the channel that the peer will join. There will be a small pop-up, where you will want to Sync certificates.

    Add your certificate

    Note: I am here.

  4. We will do a series of exports that will be to correctly map our peer to the IBM Blockchain Platform:

    Austins-MacBook-Pro:fabric-ca-client Austin$ export CHANNEL=<Your Channel Name in the IBM Blockchain Platform>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CC_NAME=<Your Chaincode Name>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_ADDRESS=<Your Peer's Address with its Port>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export ORDERER_1=<Your Orderer's URL with Port>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_MSPCONFIGPATH=<Path to your peer-admin/msp>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_TLS_ROOTCERT_FILE=<Path to you peer-tls/peer-tls.pem>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_LOCALMSPID=<Your OrgID in the IBM Blockchain Platform>
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_TLS_ENABLED=true
    

    For example, this is my series of exports:

    Austins-MacBook-Pro:fabric-ca-client Austin$ export CHANNEL=onpremchannel
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CC_NAME=fabcar0
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_ADDRESS=9.12.19.115:31444
    Austins-MacBook-Pro:fabric-ca-client Austin$ export ORDERER_1=fft-zbc01b.4.secure.blockchain.ibm.com:20257
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_MSPCONFIGPATH=$HOME/fabric-ca-client/peer-admin/msp/
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_TLS_ROOTCERT_FILE=$HOME/fabric-ca-client/peer-tls/peer-tls.pem
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_LOCALMSPID=PeerOrg2
    Austins-MacBook-Pro:fabric-ca-client Austin$ export CORE_PEER_TLS_ENABLED=true
    

    Note: I am here.

  5. We will execute a command that will grab the genesis block for our channel:

    Austins-MacBook-Pro:fabric-ca-client Austin$ peer channel fetch 0 -o ${ORDERER_1} -c ${CHANNEL} --cafile <Path to your /tls-ibp/tls.pem> --tls
    Austins-MacBook-Pro:fabric-ca-client Austin$ peer channel fetch 0 -o ${ORDERER_1} -c ${CHANNEL} --cafile $HOME/fabric-ca-client/tls-ibp/tls.pem --tls
    2018-11-28 11:26:16.291 EST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
    2018-11-28 11:26:16.658 EST [cli/common] readBlock -> INFO 002 Received block: 0
    
  6. Using our genesis block, we will join the channel:

    Austins-MacBook-Pro:fabric-ca-client Austin$ peer channel join -b ${CHANNEL}_0.block
    2018-11-28 11:26:46.100 EST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
    2018-11-28 11:26:46.897 EST [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
    

    Join the channel

    Note: I am here.

    Note: You will have to set $GOPATH when installing go.

  7. In order to make some transactions, we will need to install and instantiate chaincode:

    Austins-MacBook-Pro:fabric-ca-client Austin$ cd $GOPATH/src
    Austins-MacBook-Pro:src Austin$ git clone https://github.com/hyperledger/fabric-samples
    Austins-MacBook-Pro:src Austin$ cd $HOME/fabric-ca-client
    Austins-MacBook-Pro:fabric-ca-client Austin$ peer chaincode install -n ${CC_NAME} -v v0 -p fabric-samples/chaincode/fabcar/go/
    2018-11-28 11:29:47.243 EST [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
    2018-11-28 11:29:47.243 EST [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
    2018-11-28 11:29:48.214 EST [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" >
    

    Note: I am here.

  8. Now, instantiate the installed chaincode:

    Austins-MacBook-Pro:fabric-ca-client Austin$ peer chaincode instantiate -o ${ORDERER_1} -C ${CHANNEL} -n ${CC_NAME} -v v0 -c  '{"Args":[""]}' --tls --cafile $HOME/fabric-ca-client/tls-ibp/tls.pem -P ""
    2018-11-28 11:32:30.939 EST [chaincodeCmd] checkChaincodeCmdParams -> INFO 049 Using default escc
    2018-11-28 11:32:30.939 EST [chaincodeCmd] checkChaincodeCmdParams -> INFO 04a Using default vscc
    

    Instantiate installed chaincode

  9. To verify that everything is working, make an invoke and query transaction:

    Austins-MacBook-Pro:fabric-ca-client Austin$ peer chaincode invoke -o ${ORDERER_1} -C ${CHANNEL} -n ${CC_NAME} -c '{"function":"initLedger","Args":[""]}' --tls --cafile $HOME/fabric-ca-client/tls-ibp/tls.pem
    Austins-MacBook-Pro:fabric-ca-client Austin$ peer chaincode invoke -o ${ORDERER_1} -C ${CHANNEL} -n ${CC_NAME} -c '{"Args":["queryAllCars"]}' --tls --cafile $HOME/fabric-ca-client/tls-ibp/tls.pem
    

    For fun, you can connect an IBM Blockchain Platform peer to the channel and view the transactions by opening the transactions. Connect a peer to the channel

Summary

Throughout this process of deploying your Distributed Peer, you were able to deploy your CA, register and enroll your peer, and actually commit transactions againsted installed and instanitated chaincode. You verified that the peer was actually connected to the IBM Blockchain Platform when you submitted a transaction through the command line and it appeared in the user interface. If you wanted to do this process again, you will not have to deploy your CA again as the CA will be able to handle multiple peers. That will allow you to have a high available solution all within your own data center.