Fabric CA can be configured with an LDAP server or run in standalone mode. When running in standalone mode, it must be configured with a bootstrap identity, which is stored in Fabric CA's backend database. By default, a SQLite database is used, but for production use a PostgreSQL or MySQL database can be configured. Typically, the connection between the Fabric CA server and its database is over TLS if a standalone server is used.
For the rest of the chapter, we will refer to the bootstrap identity used when running without the LDAP server as the ca-admin. The ca-admin and its password must be supplied when bootstrapping the Fabric CA without an LDAP server.
In order for the ca-admin to interact with the server, it must submit a certificate signing request (CSR) to the Fabric CA server to obtain an X.509 certificate. This process is called enrolling an identity, or simply enroll. With an X.509 certificate in its possession, the ca-admin can then add other users, which we will explain next.
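The enroll step described above, sketched with Go's standard library as an added example (it is not Fabric CA code and does not use its API): the client creates a key pair and a CSR for `ca-admin`, and a stand-in CA checks the CSR signature before issuing an X.509 certificate. The `demo-ca` name, the throwaway keys, and the function names `newKey`, `newCSR` and `issue` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// newCSR is the client half of enroll: the private key stays local and only the
// self-signed request (subject + public key) is sent to the CA.
func newCSR(id string, key *ecdsa.PrivateKey) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: id}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// issue is the CA half, with the CA reduced to a name and a signing key (assumption).
// A CSR that fails its signature check carries no proof of key possession: refuse it.
func issue(csrDER []byte, issuer string, caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected: bad encoding or signature")
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, // fixed demo serial
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuer}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	caKey, _ := newKey()
	userKey, _ := newKey()
	csr, _ := newCSR("ca-admin", userKey)
	cert, err := issue(csr, "demo-ca", caKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("issued to", cert.Subject.CommonName, "by", cert.Issuer.CommonName)
}
```

The issued certificate carries the public key from the CSR, so only the holder of the locally generated private key can use it.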
Fabric CA provides two key operations in the system, namely register and enroll. We will explain these operations next.