Is it possible to create a hyperledger fabric channel or no?
i am asking this because i have been stuck for more than two weeks with this error:
Error: got unexpected status: FORBIDDEN -- config update for existing channel did not pass initial checks: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied"
know that I use the correct path of the "MSP folder" of the admin "Admin#productionlaborg" how created the channel, but I get also in the logs of orderer docker container this error:
Invalid identity: certificate subject=CN=Admin#productionlaborg.supplychain.com,OU=admin,L=San Francisco,ST=California,C=US serialnumber=209542001001378907007459857235386288226 error="the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.productionlaborg.supplychain.com")"
PLEASE I NEED HELP
Related
I have added a new organization to my consortium network.
Successfully able to join the channels from the new organization peers.
Now I m trying to get information about my channel using the following command :
peer channel getinfo -c my-channel
But I get this error as result :
Error: received bad response, status 500: access denied for [GetChainInfo][my-channel]: [Failed evaluating policy on signed data during check policy on channel [my-channel] with policy [/Channel/Application/Readers]: [implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied]]
I get also in peer logs this error:
Peer Logs - 2021-10-20 07:18:45.057 UTC [policies] SignatureSetToValidIdentities -> WARN d1a93c invalid identity: certificate subject=CN=peer1,OU=peer,O=Hyperledger,ST=North Carolina,C=US serialnumber=41365438365218511579049 error="MSP Org3 is not defined on channel
Did you update the channel to include Org3MSP when running configtxlator. I am presuming that you might have referenced the tutorial on how to add andd join channels.
I'm trying to create a channel for my hyperledger fabric network but I've been stuck for over two weeks with this error :
[policies] SignatureSetToValidIdentities -> WARN 00d invalid identity: certificate subject=CN=Admin#productionlaborg.supplychain.com,OU=admin,L=San Francisco,ST=California,C=US serialnumber=332150209750411695579251324251304242011 error="the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.productionlaborg.supplychain.com")"
know that I export the correct path of the "MSP folder" of the admin "Admin#productionlaborg" how created the channel.
Please I need Help
I have created Two Node. Node1 has Peer0.org1, CA and Orderer Service and Node2 have Peer0.org2 and Peer0.org3.
I can invoke and execute a query using fabric-client from peer0.org1 but When I tried same from peer0.org2 and peer0.org3 it's not working using API and it throws MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority error. However it's working from the CLI
Can anyone help me to resolve this?
Please check the endorsement policy on the chaincode. Most of the times this error is because your org2 and org3 are not part of endorsement policy.
I am trying to config a hyperledger fabric network on aws.
I have 3 aws ubuntu instances and each is fabric-ca, fabric-orderer, fabric-peer latest docker image.
First, I started up my CA server with "start -b" command. I checked one identity is registered in CA server db.
After that, I started up my orderer server. After that enrolled CA registered identity on the orderer server and registered and enrolled orderer identity using fabric-ca-client bin. Finally I created genesis block using configtxgen bin.
The Problem is here.
I started up a peer and proceeded same steps mentioned above and created an identity type peer. After that I created admincerts directory and put a cert.pem in a ca signcerts directory. I though this certification file describes an identity created by CA.
But when I tried to create a channel to orderer, it says error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining .
How can I make administrator certification for a peer to create a channel?
channel creation has many error prone areas
1). It could be that you are passing a wrong mspID.
2) Detailed Explanation reg Admin keys
NodeJS Logs: [2018–10–04 12:19:28.548] [DEBUG] Create-Channel — response ::{“status”:”BAD_REQUEST”,”info”:”error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining”}
[2018–10–04 12:19:28.548] [ERROR] Create-Channel —
!!!!!!!!! Failed to create the channel ‘public’ !!!!!!!!!
Orderer Logs: reg channel creation error
2018–10–04 08:19:28.617 UTC [orderer/common/broadcast] Handle -> WARN 132 [channel: public] Rejecting broadcast of config message from 10.255.0.2:57714 because of error: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
Reason: transaction is not signed with admin key
Solution: To create a channel we need admin credentials such as private key & public certificate(Ex: x.509)
[client-utils.js]: sendPeersProposal - Promise is rejected: Error:
Failed to deserialize creator identity, err The supplied identity is
not valid, Verify() returned x509: certificate signed by unknown
authority (possibly because of "x509: ECDSA verification failure"
while trying to verify candidate authority certificate
"ca.org1.example.com")
This is clearly related to wrong certificates. Cross check the certificates, if possible generate certificates for CA again using cryptogen and accordingly place the certificates in peers.