We provide a contract test blockchain for free to help you quickly experience our blockchain service. This topic mainly introduces how to create certificates and accounts on the test blockchain.
The test contract blockchain is for test only. Do not upload business code or business data.
To apply for your own blockservice, please follow Create a consortium.
Prerequisites
You have already activated Alibaba Cloud BaaS and logged on to Alibaba Cloud.
If you are using an Alibaba Cloud account, click here to log on .
If you are using a RAM user, click here to log on.
Apply for the blockchain
Log on to the Alibaba Cloud BaaS console. Click Overview under Ant Blockchain in the left navigation pane.
Click Try for Free, then fill the pop-up list to apply for the certificates.
We provide Automatically Generated/Manually Generated ways to generate the certificate. It is recommended to use a safe and convenient automatic generation method.
NoteThe current application certificate is valid for three years, please re-apply.
If you choose Automatically Generated, the following steps need to be completed.
Fill in the application information and click Apply.
Download private key and certificate.
NoteThere is only one chance to download the private key.
Click the More button ··· in the upper right corner of the test Chain card, then click Create Account in the pop-up menu bar.
Choose Automatically, and then fill in the application information, click Apply.
Download public-private key pairs.
NoteThere is only one chance to download the private key.
If you choose Manually Generated, the following steps need to be completed.
Upload the locally generated certificate request file
client.csr
and click Apply. For the specific steps of locally generating the private keyclient.key
and the certificateclient.csr
, see Locally generate certificate and public-private key pair.Click the More button ··· in the upper right corner of the test Chain card, then click Create Account in the pop-up menu bar.
choose Manually, and then fill the Account Name, Account Public Key, and Account Recovery Public Key. For the specific steps of locally genrating the key pairs, see Locally generate certificate and public-private key pair.
Click the more button the top right of the test blockchain to download certificates, development components or reset certificates. You can refer to Development Guides for more information about application development.
Locally generate certificate and public-private key pair
Use OpenSSL
You do not need to manually install OpenSSL on a macOS system.
Install OpenSSL
Install OpenSSL on the Windows operating system as follows:
Go to OpenSSL download page (English), find version 1.0.2o (recommended), and download the installation package. Or, you can click the following download link:
32-bit OpenSSL installation package (direct download)
64-bit OpenSSL installation package (direct download)
Open the command line tool and go to the
bin
directory of the OpenSSL installation path.Prepare the environment variables and enter
set OPENSSL_CONF=openssl.cfg
on the command line.
Generate certificate requests
Generate private keys and certificate requests by using OpenSSL.
You must remember the password of the private key and save the private key file properly.
openssl req -newkey rsa:2048 -keyout key_pkcs10.pem -out csr.pem Generatinga 2048 bit RSA private key .........................................+++ ..................................+++ writingnew private key to 'key_pkcs10.pem' EnterPEM pass phrase: Verifying- Enter PEM pass phrase: -----
While this command is being executed, you are required to enter the following information:
Country name (2-letter code): Use the International Standards Organization (ISO) format and enter the 2-letter country code. For example, enter CN for China.
State or province name (full name): The province. For example, Zhejiang.
Locality name (for example, city): The city. For example, Hangzhou.
Organization name (for example, company): The organizational unit. For example, Pinyin of a company name.
Organizational unit name (for example, section): For example, IT Dept.
Common name (for example, domain name of your website): The domain name of the website encrypted with SSL.
NoteThis is a domain name that uses SSL certificate. For example, pay.****.com.
Different URLs are defined here as different website domain names. For example: ****.com, www.****.com, and pay.****.com are identified as three different website domain names.
The website domain name here must be the same as the SMTP/POP3 server name set by the mail client software.
Email address: Optional, the email address.
Challenge password: Optional.
Optional company name: Optional.
Use local key service
For your convenience, the BaaS platform provides a Java version of local key service.
Start local key service
The Java runtime environment must be version 1.7 or later.
Download the key generation tool.
Run the command
java -jar baas-crypto-tool-1.0.0.jar --server.port=8080
to start the key service.
Generate certificate requests
After you start the key service, in the browser, enter https://localhost:8080/api/crypto/generateTlsKey?algo=rsa&isPkcs8=true&password=${password}
to generate the tlskey.zip
file. Unzip the file to obtain client.csr
and client.key
. client.key
is used to connect to the blockchain, and client.csr
needs to be signed by the BaaS platform.
Note: Replace ${password}
in the link with your own password.
Generate public and private key pairs
After you start the key service, in the browser, enter http://localhost:8080/api/crypto/generateUserKey? algo=ec&isPkcs8=true&password=${password}
to generate the userkey.zip
file. Unzip the file to obtain user.key
and pub.txt
. user.key
is the private key of the user, and pub.txt
is the public key of the user.
You can run this command twice to generate two public private key pairs. One is the key pair of the account and the other one is the recovery key pair.