I am working on a Hlf Project and am trying to revoke a user certificate. I am using the node sdk with the vscode ibm extension tool. So far i got to the point that i can revoke users via the sdk. Then i'll need to generate the CRL and update the msp folder of the peer and the orderer. Since the generateCRL function of the sdk isn't working for me i generated the crl.pem file via the fabric-ca-client in the docker of ca.org1.example.com and copied it to the peer and the orderer. After restarting the docker container the user is still able to evaluate and submit transactions. What am i doing wrong? Would be really thankful if someone could help
Asked
Active
Viewed 217 times
1 Answers
0
You must perform a channel update and include this CRL in the Org Channel MSP. This must happen everytime a certificate is revoked. You can create something like a trigger when a certificate is revoked. Note that the Channel Update most likely will not need to be signed by other members, because a Channel Update that affects only the specific Org (the one that performs it) is only needed to be signed by this Org's admin. To be more specific, in the channel config you must put it here:
.channel_group.groups.Application.groups.OrgMSP.values.MSP.value.config.revocation_list = [YOUR_CRL]
Then compute the update and update the channel.
alxspectrum
- 52
- 1
- 5