What is diffrence between enrolling and registering a certificate in Hyperledger fabric CA

So from what i understand when you "enrol" an identity you get the certificates and private keys for it. When you "register" the identity, you are simply creating the user name and password for that identity with the CA server.

The certificates that the cryptogen tool generate are not any different to the ones generated by the Fabric CA, the cryptogen tool is there for convenience in development. It should not be used in a live / production environment. Under the hood the cryptogen tool actually spins up a fabric ca server locally.

Here is a link to the latest documentation for Fabric CA:


Registering identity means adding its details in Fabric CA.

Enrolling means process when registered identity connects to CA and sends Certificate Signing Request (CSR) to it. CA checks if the identity is registered and performs some other validations, if checks are successful then it returns signed certificate to the identity. Since the certificate is signed by CA trusted by blockchain network, the identity has now means to interact with the network using this certificate.

So, to make the identity being able to interact with the network it must pass two steps in this particular sequence:

  1. Be registered on CA
  2. Be enrolled

Admin is preregistered in CA using when it is started

fabric-ca-server start -b admin:adminpw

The details are here: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html

also you can refer to source