All Products
Search
Document Center

Blockchain as a Service:Quick Experience for Free

Last Updated:Jul 21, 2023

We provide a contract test blockchain for free to help you quickly experience our blockchain service. This topic mainly introduces how to create certificates and accounts on the test blockchain.

Note
  • The test contract blockchain is for test only. Do not upload business code or business data.

  • To apply for your own blockservice, please follow Create a consortium.

Prerequisites

You have already activated Alibaba Cloud BaaS and logged on to Alibaba Cloud.

Apply for the blockchain

  1. Log on to the Alibaba Cloud BaaS console. Click Overview under Ant Blockchain in the left navigation pane.

  2. Click Try for Free, then fill the pop-up list to apply for the certificates.

  3. We provide Automatically Generated/Manually Generated ways to generate the certificate. It is recommended to use a safe and convenient automatic generation method.

    Note

    The current application certificate is valid for three years, please re-apply.

    • If you choose Automatically Generated, the following steps need to be completed.

      1. Fill in the application information and click Apply.

      2. Download private key and certificate.

        Note

        There is only one chance to download the private key.

        0
      3. Click the More button ··· in the upper right corner of the test Chain card, then click Create Account in the pop-up menu bar.

        3
      4. Choose Automatically, and then fill in the application information, click Apply.

      5. Download public-private key pairs.

        Note

        There is only one chance to download the private key.

        5
    • If you choose Manually Generated, the following steps need to be completed.

      1. Upload the locally generated certificate request file client.csr and click Apply. For the specific steps of locally generating the private key client.key and the certificateclient.csr, see Locally generate certificate and public-private key pair.

      2. Click the More button ··· in the upper right corner of the test Chain card, then click Create Account in the pop-up menu bar.

        7
      3. choose Manually, and then fill the Account Name, Account Public Key, and Account Recovery Public Key. For the specific steps of locally genrating the key pairs, see Locally generate certificate and public-private key pair.

  4. Click the more button the top right of the test blockchain to download certificates, development components or reset certificates. You can refer to Development Guides for more information about application development.

    9

Locally generate certificate and public-private key pair

Use OpenSSL

Note

You do not need to manually install OpenSSL on a macOS system.

Install OpenSSL

Install OpenSSL on the Windows operating system as follows:

  1. Go to OpenSSL download page (English), find version 1.0.2o (recommended), and download the installation package. Or, you can click the following download link:

  2. Open the command line tool and go to the bin directory of the OpenSSL installation path.

  3. Prepare the environment variables and enter set OPENSSL_CONF=openssl.cfg on the command line.

Generate certificate requests

Generate private keys and certificate requests by using OpenSSL.

Note

You must remember the password of the private key and save the private key file properly.

openssl req -newkey rsa:2048 -keyout key_pkcs10.pem -out csr.pem    Generatinga 2048 bit RSA private key    .........................................+++    ..................................+++    writingnew private key to 'key_pkcs10.pem'    EnterPEM pass phrase:    Verifying- Enter PEM pass phrase:    -----

While this command is being executed, you are required to enter the following information:

  • Country name (2-letter code): Use the International Standards Organization (ISO) format and enter the 2-letter country code. For example, enter CN for China.

  • State or province name (full name): The province. For example, Zhejiang.

  • Locality name (for example, city): The city. For example, Hangzhou.

  • Organization name (for example, company): The organizational unit. For example, Pinyin of a company name.

  • Organizational unit name (for example, section): For example, IT Dept.

  • Common name (for example, domain name of your website): The domain name of the website encrypted with SSL.

    Note

    • This is a domain name that uses SSL certificate. For example, pay.****.com.

    • Different URLs are defined here as different website domain names. For example: ****.com, www.****.com, and pay.****.com are identified as three different website domain names.

    • The website domain name here must be the same as the SMTP/POP3 server name set by the mail client software.

  • Email address: Optional, the email address.

  • Challenge password: Optional.

  • Optional company name: Optional.

Use local key service

For your convenience, the BaaS platform provides a Java version of local key service.

Start local key service

  1. The Java runtime environment must be version 1.7 or later.

  2. Download the key generation tool.

  3. Run the command java -jar baas-crypto-tool-1.0.0.jar --server.port=8080 to start the key service.

Generate certificate requests

After you start the key service, in the browser, enter https://localhost:8080/api/crypto/generateTlsKey?algo=rsa&isPkcs8=true&password=${password} to generate the tlskey.zip file. Unzip the file to obtain client.csr and client.key. client.key is used to connect to the blockchain, and client.csr needs to be signed by the BaaS platform.

Note: Replace ${password} in the link with your own password.

Generate public and private key pairs

After you start the key service, in the browser, enter http://localhost:8080/api/crypto/generateUserKey? algo=ec&isPkcs8=true&password=${password} to generate the userkey.zip file. Unzip the file to obtain user.key and pub.txt. user.key is the private key of the user, and pub.txt is the public key of the user.

You can run this command twice to generate two public private key pairs. One is the key pair of the account and the other one is the recovery key pair.