Tags: hyperledger-fabric, hyperledger-fabric-ca

Where is the user private key stored in fabric-ca during the user key generation process?


I am using fabric-ca-client to register and enroll the "user" to interact with the chaincode. Registering the user using the organization CA admin as follows:

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/ca/admin
export FABRIC_CA_CLIENT_MSPDIR=msp

fabric-ca-client register -d --id.name userk2 --id.secret userk2PW --id.type user -u https://0.0.0.0:7054 

And enrolled the user without the org CA admin as:

fabric-ca-client enroll -u "https://userk2:userk2PW@0.0.0.0:7054"  --tls.certfiles /tmp/hyperledger/org1/admin/msp/cacerts/0-0-0-0-7054.pem

Now the CA server should provide user certificates to the user (here userk2), which are required to interact with the chaincodes.

I received this response from the CA server:

2021/10/13 12:13:50 [INFO] TLS Enabled
2021/10/13 12:13:50 [INFO] generating key: &{A:ecdsa S:256}
2021/10/13 12:13:50 [INFO] encoded CSR
2021/10/13 12:13:51 [INFO] Stored client certificate at /root/.fabric-ca-client/msp/signcerts/cert.pem
2021/10/13 12:13:51 [INFO] Stored root CA certificate at /root/.fabric-ca-client/msp/cacerts/0-0-0-0-7054.pem
2021/10/13 12:13:51 [INFO] Stored Issuer public key at /root/.fabric-ca-client/msp/IssuerPublicKey
2021/10/13 12:13:51 [INFO] Stored Issuer revocation public key at /root/.fabric-ca-client/msp/IssuerRevocationPublicKey

Which of these are the user's private/public key and the root of trust for interacting with the chaincode? Thank you!


Solution

  • The user's private key is stored on the client, not in Fabric-CA. The client never shares its private key (as expected). The client generates a key pair, submits a CSR to the CA and receives the signed certificate. The client saves the received certificate (the CA saves a copy, too).

    According to your logs, your client certificate is in:

    And your private key must be under:
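The enrollment flow the answer describes, as an added example in Go that is not part of the question, the answer, or Fabric's own code: a toy in-process CA (newToyCA, constructed for this example) signs a CSR produced by a client that keeps its ECDSA P-256 key, and verifyEnrollment performs the check a practitioner would run after enrollment, that the certificate the client stored under signcerts/ matches the private key the client kept and chains to the cacerts/ root. All function names here are this example's own, not fabric-ca-client API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Client side: the key pair is generated locally and only the CSR (public key
// plus a proof-of-possession signature) is sent to the CA.
func clientGenerateKeyAndCSR(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // "ecdsa S:256" in the log
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, csrDER, err
}

func baseTemplate(serial int64, subject pkix.Name) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// newToyCA builds a self-signed root standing in for the Fabric CA server (constructed here).
func newToyCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := baseTemplate(1, pkix.Name{CommonName: "toy-root-ca"})
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// CA side: sees only the CSR, checks proof of possession and returns the DER
// certificate the client will store under signcerts/. The private key never arrives here.
func caSignCSR(csrDER []byte, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // requester must hold the private key
		return nil, err
	}
	tmpl := baseTemplate(2, csr.Subject)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	return x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
}

// Post-enrollment check: the certificate's public key must match the private key
// the client kept, and the certificate must chain to the CA root (cacerts/).
func verifyEnrollment(certDER []byte, key *ecdsa.PrivateKey, root *x509.Certificate) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(&key.PublicKey) {
		return errors.New("certificate public key does not match the client's private key")
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// enroll runs both sides end to end; nil means the client holds a private key it
// never disclosed plus a certificate that matches it and chains to the CA.
func enroll(cn string) error {
	caKey, caCert, err := newToyCA()
	if err != nil {
		return err
	}
	key, csrDER, err := clientGenerateKeyAndCSR(cn)
	if err != nil {
		return err
	}
	certDER, err := caSignCSR(csrDER, caCert, caKey)
	if err != nil {
		return err
	}
	return verifyEnrollment(certDER, key, caCert)
}

func main() { fmt.Println("enrollment of userk2, error:", enroll("userk2")) }
```

The same check can be run against real enrollment output by loading the key from the client's keystore directory and the certificate from signcerts/ with `x509.ParseECPrivateKey`/`x509.ParsePKCS8PrivateKey` and `x509.ParseCertificate` after PEM decoding; a mismatch there means the MSP directory was assembled from different enrollments.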