默认的cryptogen工具生成的证书有效期为10年,地区信息为国外,证书序列号为随机值(过多存在重复),fabric-ca(暂对多根目录的节构支持不好)。现修改证书为50年,地区自定义。主要是修改原码后,再进fabric主目录,make cryptogen:
主要是修改
$GOPATH/src/github.com/hyperledger/fabric/common/tools/cryptogen/ca/generator.go文件:
1.加入fmt引用
import (
"fmt" //加入这个
)
2.修改pkix.name
func subjectTemplate() pkix.Name {
return pkix.Name{
Country: []string{"CN"},
Locality: []string{"ChongQing"},
Province: []string{"ChongQing"},
}
}
3.修改证书的序列号生成规则
func x509Template() x509.Certificate {
//generate a serial number
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
now := time.Now()
serialNumberStr := fmt.Sprintf("%d", serialNumber)
nowStr := fmt.Sprintf("%d", now.UnixNano())
serialNumber1,_:=big.NewInt(0).SetString(serialNumberStr+nowStr,10)
//fmt.Println("serialNumber:"+serialNumberStr+nowStr)
//basic template to use
x509 := x509.Certificate{
SerialNumber: serialNumber1,
NotBefore: now,
NotAfter: now.Add(438000 * time.Hour), //~ten*5 years
BasicConstraintsValid: true,
}
return x509
}