Develop Reference

Fabric-CA with SoftHSM: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil

I have followed softHSM2 repo to install and initialize the token but when I start the fabric-ca-server container with PKCS11 env variables I get Could not initialize BCCSP PKCS11: Invalid config. It must not be nil. according to fabric-ca docs just 4 (default, library, pin, label) env variables are required to use SoftHSM but I tried to add all the fields mentioned under pkcs11 but the issue persists, not sure what part of config is nil.
docker-compose-ca.yaml
version: '2'
networks:
org1_network:
external:
name: org1_network
services:
ca_org1:
image: hyperledger/fabric-ca:latest
environment:
- GODEBUG=netdns=go
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=7054
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
- FABRIC_CA_SERVER_BCCSP_PKCS11_HASH=SHA2
- FABRIC_CA_SERVER_BCCSP_PKCS11_SECURITY=256
- FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
- FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=98765432
- FABRIC_CA_SERVER_BCCSP_PKCS11_FILEKEYSTORE_KEYSTORE=/etc/hyperledger/fabric-ca-server/msp
- SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b org1:adminpw -d'
volumes:
- ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
- ../../softhsm/config.file:/etc/hyperledger/fabric/config.file
- /../../../usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
container_name: ca_org1
networks:
- org1_network
config.file
# SoftHSM v2 configuration file
directories.tokendir = /tmp/
objectstore.backend = file
objectstore.umask = 0077
# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL
# If the library should reset the state on fork
library.reset_on_fork = false
fabric-ca-org1-container logs
2021/07/11 21:22:08 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2021/07/11 21:22:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Set log level:
2021/07/11 21:22:08 [INFO] Server Version: 1.5.1-snapshot-38527387
2021/07/11 21:22:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/07/11 21:22:08 [DEBUG] Making server filenames absolute
2021/07/11 21:22:08 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.5.1-snapshot-38527387 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca.org1.example.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc00033e210 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[dc6f304f9d43 localhost] KeyRequest:0xc0000bf520 CA:0xc0001d5bf0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****#<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc0001d5e00 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2021/07/11 21:22:08 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Checking configuration file version '1.5.1-snapshot-38527387' against server version: '1.5.1-snapshot-38527387'
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0001d5e60 PluginOpts:<nil> Pkcs11Opts:<nil>}
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc00035ee10 DummyKeystore:<nil> InmemKeystore:<nil>}
2021/07/11 21:22:08 [DEBUG] Closing server DBs
Error: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.

I would recommend modifying the config file of fabric-ca-server (fabric-ca-server-config.yaml) instead of trying to override entries in it via environment variables which is what you are trying to do. I believe the problem is you can't override entries that aren't actually defined in the config file.

What is needed to use 1 central certificate authority for all the organization on Hyperledger Fabric v1.4?

Based on Hyperldeger Fabric is created a network on which there are:1 orderer, 1 ca, 1 couchdb, 1 cli, 1 peer
Afterwards, is added a new org with: 1 peer, 1 couchdb and 1 cli
Until this stage there is no error. All the containers are running. Then is enrolled the ca admin. Still no problem. The admin is connected with no problem. I want to create admin for the new organization.
enrollandregisterNewAdmin.js
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'admin', discovery: { enabled: true, asLocalhost: true } });
const ca = gateway.getClient().getCertificateAuthority();
const adminIdentity = gateway.getCurrentIdentity();
const secret = await ca.register({
affiliation: 'org1.department1',
enrollmentID: 'adminOrg3',
role: 'client',
attrs: [ {"name": "hf.Registrar.Roles", "value": "client"},
{"name": "hf.Registrar.DelegateRoles", "value": "client"},
{"name": "hf.Revoker", "value": "true"},
{"name": "hf.IntermediateCA", "value": "true"},
{"name": "hf.GenCRL", "value": "true"},
{"name": "hf.AffiliationMgr", "value": "true"},
{"name": "hf.Registrar.Attributes", "value": "hf.Registrar.Roles,hf.Registrar.DelegateRoles,hf.Revoker,hf.IntermediateCA,hf.GenCRL,hf.Registrar.Attributes,hf.AffiliationMgr"} ] }
, adminIdentity);
const enrollment = await ca.enroll({ enrollmentID: 'adminOrg3', enrollmentSecret: secret});
const userIdentity = X509WalletMixin.createIdentity('Org3MSP', enrollment.certificate, enrollment.key.toBytes());
await wallet.import('adminOrg3', userIdentity);
Finally the certificates of 'adminOrg3' are imported to the wallet with no error. But when I am trying to invoke/query with the 'adminOrg3'. I receive this error:
[Channel.js]: Channel:byfn received discovery error:access denied
[Channel.js]: Error: Channel:byfn Discovery error:access denied
error: [Network]: _initializeInternalChannel: Unable to initialize channel. Attempted to contact 1 Peers. Last error was Error: Channel:byfn Discovery error:access denied
This is a common error when the wallet exists from a previous deployment. But the wallet is deleted each time the network is restarted.
docker logs peer0.org3.example.com
2021-02-22 10:21:09.588 UTC [cauthdsl] deduplicate -> ERRO 082 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
My config file for new org
docker-compose-org3.yaml
version: '2'
volumes:
peer0.org3.example.com:
networks:
byfn:
services:
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base/peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_ADDRESS=peer0.org3.example.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org3.example.com:/var/hyperledger/production
ports:
- 11051:11051
networks:
- byfn
Org3cli:
container_name: Org3cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=Org3cli
- CORE_PEER_ADDRESS=peer0.org3.example.com:11051
- CORE_PEER_LOCALMSPID=Org3MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin#org3.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./org3-artifacts/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./crypto-config/peerOrganizations/org1.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com
-./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
depends_on:
- peer0.org3.example.com
networks:
- byfn
Is it possible under the same affiliation to exist different MSPs?
Is needed any change to the configuration files?

Just to clarify few things ...
did you add the new org on the channel before trying to connect with the new org user?
are you running the peers in docker containers and use volumes for the peer file system mapping? - It may happen that the peers still load the content of the old channels...
-Tsvetan

ECONNREFUSED error while setting up calipeer

I was setting up hyperledger caliper to test a fabcar network and got ECONNREFUFUSED error multiple times. It said that it failed to enroll admin.
I setup the test network using ./startFabric.sh javascript in fabcar repo of fabric-samples.
Then I used docker-compose to start caliper( used docker-compose up in caliper-benchmarks ).
This is the docker-compose file that I used:
version: '2'
services:
caliper:
container_name: caliper
image: hyperledger/caliper:0.3.2
command: launch master --caliper-flow-only-test --caliper-fabric-gateway-usegateway --caliper-fabric-gateway-discovery
environment:
- CALIPER_BIND_SUT=fabric:2.1.0
- CALIPER_BENCHCONFIG=benchmarks/samples/fabric/fabcar/config1.yaml
- CALIPER_NETWORKCONFIG=networks/fabric/network-config.yaml
volumes:
- ~/caliper-benchmarks:/hyperledger/caliper/workspace
networks:
- net_test
networks:
net_test:
external: "true"
This was my network-config.yaml file:
name: Fabric
version: "1.0"
mutual-tls: false
caliper:
blockchain: fabric
#command:
#start: export FABRIC_VERSION=2.1.0;export FABRIC_CA_VERSION=1.4.4;docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml up -d;sleep 3s
#end: docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml down;(test -z \"$(docker ps -aq)\") || docker rm $(docker ps -aq);(test -z \"$(docker images dev* -q)\") || docker rmi $(docker images dev* -q);rm -rf /tmp/hfc-*
info:
Version: 2.1.0
Size: 2 Orgs with 1 Peer
Orderer: Raft
Distribution: Single Host
StateDB: CouchDB
clients:
admin.Org1:
client:
organization: Org1
connection:
timeout:
peer:
endorser: 300
orderer: 300
#credentialStore:
#path: /tmp/hfc-kvs/org1
#cryptoStore:
#path: /tmp/hfc-cvs/org1
#clientPrivateKey:
#path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp/keystore/40fa9f923f527b11be8c05bb1a2d166a5c2cc43ee2d425b53cdb82836479206d_sk
#clientSignedCert:
#path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp/signcerts/cert.pem
admin.Org2:
client:
organization: Org2
connection:
timeout:
peer:
endorser: 300
orderer: 300
#credentialStore:
#path: /tmp/hfc-kvs/org2
#cryptoStore:
#path: /tmp/hfc-cvs/org2
#clientPrivateKey:
#path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1#org2.example.com/msp/keystore/cdc22e2ec274bf9d5ec0700b420c5e7423a2be73112f3bdc6565d7d45f9ae643_sk
#clientSignedCert:
#path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1#org2.example.com/msp/signcerts/cert.pem
User1:
client:
organization: Org1
connection:
timeout:
peer:
endorser: 300
orderer: 300
User2:
client:
organization: Org2
connection:
timeout:
peer:
endorser: 300
orderer: 300
wallet: networks/wallet
channels:
mychannel:
configBinary: networks/mychannel.tx
created: true
#definition:
#capabilities: []
#consortium: 'SampleConsortium'
#msps: ['Org1MSP', 'Org2MSP']
#version: 0
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
eventSource: true
peer0.org2.example.com:
eventSource: true
#peer1.org1.example.com:
#eventSource: true
#peer1.org2.example.com:
#eventSource: true
chaincodes:
#- id: marbles
# version: v0
#language: node
#path: src/fabric/naman/samples/marbles/node
#metadataPath: src/fabric/naman/samples/marbles/node/metadata
- id: fabcar_1
version: "1.0"
language: node
path: src/fabric/samples/fabcar/javascript1
organizations:
Org1:
mspid: Org1MSP
peers:
- peer0.org1.example.com
certificateAuthorities:
- ca.org1.example.com
adminPrivateKey:
path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/5f63f8056561fdd7e62566d62d3f3fddeff12836e3151ec160ef228df008e56b_sk
signedCert:
path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/cert.pem
Org2:
mspid: Org2MSP
peers:
- peer0.org2.example.com
#- peer1.org2.example.com
certificateAuthorities:
- ca.org2.example.com
adminPrivateKey:
path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/keystore/fc78c38deead140e8164625a839c44966371fcb17608362c2c78a506670bd290_sk
signedCert:
path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/cert.pem
orderers:
orderer.example.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
tlsCACerts:
path: networks/fabric/naman/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peers:
peer0.org1.example.com:
url: grpcs://localhost:7051
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICJjCCAc2gAwIBAgIUOKOEL9yThPFiI22Rj2ehP2/8BpEwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjMwMDcxNjAwWhcNMzUwNjI3MDcxNjAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHeO
KBmJfaW5TmEVYDJPFUuibx8O+ju3qhHIXFbCnfjz91WnoIUhQXxtfs2Ajyr2ywWk
N9T15plIKgGBe5YZB6+jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQYlGorkJ3HFJu/uGPNy753+gbMmDAKBggqhkjOPQQD
AgNHADBEAiAe2nP1fUp4UtqMqVEyd9yzMPNbMBjVA3pFtsw5AThu6AIgPF30jUUm
Ey2vOMKY6mmfZalsJIcyp6ysxPfDaMnq09I=
-----END CERTIFICATE-----
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
hostnameOverride: peer0.org1.example.com
peer0.org2.example.com:
url: grpcs://localhost:9051
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICHzCCAcWgAwIBAgIUGyDeO2bl0XWI29+/h+MNiybkdaowCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEQMA4GA1UEBxMHSHVy
c2xleTEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAeFw0yMDA2MzAwNzE2MDBaFw0zNTA2MjcwNzE2MDBaMGwx
CzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxEDAOBgNVBAcTB0h1cnNs
ZXkxGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzIu
ZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlkzwJM7JneAQo
VVrvGGJSzhIryum1oXjNEx01rlc0IawgRzMZdeD10kPIFc0xnTyfCwIJCoVNnS/B
cCuU/WvFo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
BgNVHQ4EFgQUG68pu74VjkUe6MxLutjnBKC0VvowCgYIKoZIzj0EAwIDSAAwRQIh
AKH17YHSHWrGSbwHMNt7TtnQo/IpKyr2P10jHKIVgEoKAiBNic1oFFzyO/xV74ju
8Al0TaGFj222ThdzyT3JrZyGqw==
-----END CERTIFICATE-----
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
hostnameOverride: peer0.org2.example.com
certificateAuthorities:
ca.org1.example.com:
url: https://localhost:7054
caName: ca-org1
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICJjCCAc2gAwIBAgIUOKOEL9yThPFiI22Rj2ehP2/8BpEwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjMwMDcxNjAwWhcNMzUwNjI3MDcxNjAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHeO
KBmJfaW5TmEVYDJPFUuibx8O+ju3qhHIXFbCnfjz91WnoIUhQXxtfs2Ajyr2ywWk
N9T15plIKgGBe5YZB6+jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQYlGorkJ3HFJu/uGPNy753+gbMmDAKBggqhkjOPQQD
AgNHADBEAiAe2nP1fUp4UtqMqVEyd9yzMPNbMBjVA3pFtsw5AThu6AIgPF30jUUm
Ey2vOMKY6mmfZalsJIcyp6ysxPfDaMnq09I=
-----END CERTIFICATE-----
httpOptions:
verify: false
registrar:
- enrollId: admin
enrollSecret: adminpw
ca.org2.example.com:
url: https://localhost:8054
caName: ca-org2
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICHzCCAcWgAwIBAgIUGyDeO2bl0XWI29+/h+MNiybkdaowCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEQMA4GA1UEBxMHSHVy
c2xleTEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAeFw0yMDA2MzAwNzE2MDBaFw0zNTA2MjcwNzE2MDBaMGwx
CzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxEDAOBgNVBAcTB0h1cnNs
ZXkxGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzIu
ZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlkzwJM7JneAQo
VVrvGGJSzhIryum1oXjNEx01rlc0IawgRzMZdeD10kPIFc0xnTyfCwIJCoVNnS/B
cCuU/WvFo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
BgNVHQ4EFgQUG68pu74VjkUe6MxLutjnBKC0VvowCgYIKoZIzj0EAwIDSAAwRQIh
AKH17YHSHWrGSbwHMNt7TtnQo/IpKyr2P10jHKIVgEoKAiBNic1oFFzyO/xV74ju
8Al0TaGFj222ThdzyT3JrZyGqw==
-----END CERTIFICATE-----
httpOptions:
verify: false
registrar:
- enrollId: admin
enrollSecret: adminpw
This is the benchmark-config file used:
---
test:
workers:
type: local
number: 1
rounds:
- label: Query all cars.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
arguments:
assets: 10
startKey: '1'
endKey: '50'
callback: benchmarks/samples/fabric/fabcar/queryAllCars.js
- label: Query a car.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
arguments:
assets: 10
callback: benchmarks/samples/fabric/fabcar/queryCar.js
- label: Create a car.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
callback: benchmarks/samples/fabric/fabcar/createCar.js
monitor:
type:
- docker
docker:
name:
- all
interval: 1
This is the error I was getting:
aliper | 2020-06-26T14:15:31.749Z - error: [FabricCAClientService.js]: Failed to enroll admin, error:%o message=Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054], stack=Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
caliper | at ClientRequest.request.on (/home/node/.npm-global/lib/node_modules/fabric-ca-client/lib/FabricCAClient.js:484:12)
caliper | at ClientRequest.emit (events.js:198:13)
caliper | at TLSSocket.socketErrorListener (_http_client.js:392:9)
caliper | at TLSSocket.emit (events.js:198:13)
caliper | at emitErrorNT (internal/streams/destroy.js:91:8)
caliper | at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
caliper | at process._tickCallback (internal/process/next_tick.js:63:19)
I was using fabric 2.1.0 and caliper 0.3.2. I specified net-test in docker-compose to make sure caliper container is in the same network as fabric.
Can someone please help?

Hyperledger fabric facing difficult setting up intermediate CA

I am trying to create intermediate CA for my project, I have one root CA and one intermediate CA with Intermediate CA config file as shown below. I am facing issue to create keypairs/MSP and tls cert for intermediate CA & unable to pass the config file to intermediate CA. Steps I followed
Running the Root CA container with bootstrapping admin.
Enrol the admin which generate the MSP for CA admin for org1
fabric-ca-client enroll -u https://admin:adminpw#localhost:7054 --caname ca-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
Register the Intermediate CA to root CA using below command
fabric-ca-client register --caname ca-org1 --id.name ica --id.attrs '"hf.Registrar.Roles=user,peer",hf.Revoker=true,hf.IntermediateCA=true' --id.secret icapw --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
Run the Intermediate CA container as shown below with using the below config file.
Enrol the Intermediate CA
fabric-ca-client enroll -u https://icaadmin:icaadminpw#localhost:6054 --caname ica-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/icaOrg1/tls-cert.pem
Root CA
version: "2"
networks:
test:
services:
ca_org1:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
container_name: ca_org1
networks:
- test
Intermidate CA
version: "2"
networks:
test:
services:
ica-org1:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ica-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_LOGGING_SPEC=debug
- FABRIC_CA_SERVER_PORT=6054
ports:
- "6054:6054"
command: sh -c 'fabric-ca-server start -b icaadmin:icaadminpw -u -d http://ica:icapw#ca-org1:7054'
volumes:
- ../organizations/fabric-ca/icaOrg1:/etc/hyperledger/fabric-ca-server
container_name: ica-org1
networks:
- test
ICA Fabric Config file
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
ca:
# Name of this CA
name: ica.org1.example.com
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: icaadmin
pass: icaadminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "client,peer,user,member"
hf.Registrar.DelegateRoles: "client,peer,user,member"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>#<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
names: ["uid", "member"]
converters:
- name:
value:
maps:
groups:
- name:
value:
affiliations:
org1:
- department1
- department2
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
csr:
cn: ica.org1.example.com
names:
- C: US
ST: "North Carolina"
L: "Durham"
O: org1.example.com
OU:
hosts:
- localhost
- org1.example.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
cacount:
cafiles:
intermediate:
parentserver:
url: https://ca-org1:7054
caname: ca.org1.example.com
enrollment:
hosts: localhost
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:

Since you configured your CAs as TLS enabled, root TLS certificate must be used by intermediate CA. Check your intermediate CA file's corresponding section.
The certfiles attribute's value /tmp/root-ca-cert.pem is the same file of root CA's file: /tmp/hyperledger/fabric-ca/crypto/ca-cert.pem
intermediate:
parentserver:
url: https://admin:admin#root.ca.example.com:7054
caname: root.ca.example.com
enrollment:
hosts:
- ca1.example.com
profile: ca
label:
tls:
certfiles:
- /tmp/root-ca-cert.pem
client:
certfile:
keyfile:

unable to generate a token for user in new org using balance transfer use case in hyperledger fabric

I am using hyperleger fabric-sample network. I changed the configuration bit, added a new org into it, I am using balance transfer use case and when I am trying to enrol user I am getting the following error:
Request I sent:
curl -s -X POST http://localhost:4000/users -H "content-type: application/x-www-form-urlencoded" -d 'username=Jim&orgName=Org3'
Error I am getting:
{"success":false,"message":"failed Error: Common connection profile is missing this client's organization and mspid"}```
log of my node app:
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - ------>>>>>> new request for /users
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - End point : /users
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - User name : Jim
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - Org name : Org3
[2019-10-19 13:24:57.683] [DEBUG] Helper - getClientForOrg - ****** START Org3 undefined
[2019-10-19 13:24:57.690] [DEBUG] Helper - [NetworkConfig101.js]: constructor, network_config: {"name":"balance-transfer","x-type":"hlfv1","description":"Balance Transfer Network","version":"1.0","channels":{"mychannel":{"orderers":["orderer.example.com"],"peers":{"peer0.org1.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org1.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org1.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org2.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org2.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org2.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org3.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org3.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org3.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org4.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org4.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org4.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org5.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org5.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org5.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org6.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org6.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org6.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false}},"chaincodes":["mycc:v0"]}},"organizations":{"Org1":{"mspid":"Org1MSP","peers":["peer0.org1.example.com","peer1.org1.example.com","peer2.org1.example.com"],"certificateAuthorities":["ca-org1"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/c4179a68cc1f71e51919f7541be599ec0d2924426b4e64159fbf3fcaec419463_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/Admin#org1.example.com-cert.pem"}},"Org2":{"mspid":"Org2MSP","peers":["peer0.org2.example.com","peer1.org2.example.com","peer2.org2.example.com"],"certificateAuthorities":["ca-org2"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/keystore/eff846bd66dc8801f1979fa40a4fe238f5b6a5e0eda2ae052d3383606d508485_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/Admin#org2.example.com-cert.pem"}},"Org3":{"mspid":"Org3MSP","peers":["peer0.org3.example.com","peer1.org3.example.com","peer2.org3.example.com"],"certificateAuthorities":["ca-org3"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/users/Admin#org3.example.com/msp/keystore/9f40b162c33476c40b521d0e12f840429dbefcfcec097b6aa256b398f0910dea_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/users/Admin#org3.example.com/msp/signcerts/Admin#org3.example.com-cert.pem"}},"Org4":{"mspid":"Org4MSP","peers":["peer0.org4.example.com","peer1.org4.example.com","peer2.org4.example.com"],"certificateAuthorities":["ca-org4"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/users/Admin#org4.example.com/msp/keystore/69b52012f2b133b1564dd22248ca7ca47895a433a6e23828db17ed9abb306e6c_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/users/Admin#org4.example.com/msp/signcerts/Admin#org4.example.com-cert.pem"}},"Org5":{"mspid":"Org5MSP","peers":["peer0.org5.example.com","peer1.org5.example.com","peer2.org5.example.com"],"certificateAuthorities":["ca-org5"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/users/Admin#org5.example.com/msp/keystore/53237c803abb8d84a06bb6554289f0a8e1512de26c9778d84d26c8415c7ba242_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/users/Admin#org5.example.com/msp/signcerts/Admin#org5.example.com-cert.pem"}},"Org6":{"mspid":"Org6MSP","peers":["peer0.org6.example.com","peer1.org6.example.com","peer2.org6.example.com"],"certificateAuthorities":["ca-org6"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/users/Admin#org6.example.com/msp/keystore/b46024bc7e730faa0427dff247474aef72f126fa4937a556bdc2d9c89f85e8fa_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/users/Admin#org6.example.com/msp/signcerts/Admin#org6.example.com-cert.pem"}}},"orderers":{"orderer.example.com":{"url":"grpcs://localhost:7050","grpcOptions":{"ssl-target-name-override":"orderer.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"}}},"peers":{"peer0.org1.example.com":{"url":"grpcs://localhost:7051","grpcOptions":{"ssl-target-name-override":"peer0.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"}},"peer1.org1.example.com":{"url":"grpcs://localhost:7056","grpcOptions":{"ssl-target-name-override":"peer1.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt"}},"peer2.org1.example.com":{"url":"grpcs://localhost:7062","grpcOptions":{"ssl-target-name-override":"peer2.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/tls/ca.crt"}},"peer0.org2.example.com":{"url":"grpcs://localhost:8051","grpcOptions":{"ssl-target-name-override":"peer0.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"}},"peer1.org2.example.com":{"url":"grpcs://localhost:8056","eventUrl":"grpcs://localhost:8058","grpcOptions":{"ssl-target-name-override":"peer1.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt"}},"peer2.org2.example.com":{"url":"grpcs://localhost:8062","grpcOptions":{"ssl-target-name-override":"peer2.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer2.org2.example.com/tls/ca.crt"}},"peer0.org3.example.com":{"url":"grpcs://localhost:9051","grpcOptions":{"ssl-target-name-override":"peer0.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt"}},"peer1.org3.example.com":{"url":"grpcs://localhost:9056","grpcOptions":{"ssl-target-name-override":"peer1.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt"}},"peer2.org3.example.com":{"url":"grpcs://localhost:9062","grpcOptions":{"ssl-target-name-override":"peer2.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer2.org3.example.com/tls/ca.crt"}},"peer0.org4.example.com":{"url":"grpcs://localhost:10051","grpcOptions":{"ssl-target-name-override":"peer0.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt"}},"peer1.org4.example.com":{"url":"grpcs://localhost:10056","grpcOptions":{"ssl-target-name-override":"peer1.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer1.org4.example.com/tls/ca.crt"}},"peer2.org4.example.com":{"url":"grpcs://localhost:10062","grpcOptions":{"ssl-target-name-override":"peer2.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer2.org4.example.com/tls/ca.crt"}},"peer0.org5.example.com":{"url":"grpcs://localhost:11051","grpcOptions":{"ssl-target-name-override":"peer0.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer0.org5.example.com/tls/ca.crt"}},"peer1.org5.example.com":{"url":"grpcs://localhost:11056","grpcOptions":{"ssl-target-name-override":"peer1.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer1.org5.example.com/tls/ca.crt"}},"peer2.org5.example.com":{"url":"grpcs://localhost:11062","grpcOptions":{"ssl-target-name-override":"peer2.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer2.org5.example.com/tls/ca.crt"}},"peer0.org6.example.com":{"url":"grpcs://localhost:12051","grpcOptions":{"ssl-target-name-override":"peer0.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer0.org6.example.com/tls/ca.crt"}},"peer1.org6.example.com":{"url":"grpcs://localhost:12056","grpcOptions":{"ssl-target-name-override":"peer1.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer1.org6.example.com/tls/ca.crt"}},"peer2.org6.example.com":{"url":"grpcs://localhost:12062","grpcOptions":{"ssl-target-name-override":"peer2.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer2.org6.example.com/tls/ca.crt"}}},"certificateAuthorities":{"ca-org1":{"url":"https://localhost:7054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org1"},"ca-org2":{"url":"https://localhost:8054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org2"},"ca-org3":{"url":"https://localhost:9054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org3"},"ca-org4":{"url":"https://localhost:10054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/ca/ca.org4.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org4"},"ca-org5":{"url":"https://localhost:11054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/ca/ca.org5.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org5"},"ca-org6":{"url":"https://localhost:12054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/ca/ca.org6.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org6"}}}
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: constructor, network_config: {"name":"balance-transfer-org3","x-type":"hlfv1","description":"Balance Transfer Network - client definition for org3","version":"1.0","client":{"organization":"org3","credentialStore":{"path":"./fabric-client-kv-org3","cryptoStore":{"path":"/tmp/fabric-client-kv-org3"},"wallet":"wallet-name"}}}
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: mergeSettings - additions start
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.710] [DEBUG] Helper - [FileKeyValueStore.js]: constructor { options:
{ path: '/home/srihari/hyperledger/fabric-samples/balance-transfer/fabric-client-kv-org3',
wallet: 'wallet-name',
cryptoStore: { path: '/tmp/fabric-client-kv-org3' } } }
[2019-10-19 13:24:57.713] [DEBUG] Helper - [crypto_ecdsa_aes]: Hash algorithm: SHA2, hash output size: 256
[2019-10-19 13:24:57.713] [DEBUG] Helper - [utils.CryptoKeyStore]: CryptoKeyStore, constructor - start
[2019-10-19 13:24:57.714] [DEBUG] Helper - [utils.CryptoKeyStore]: constructor, no super class specified, using config: fabric-client/lib/impl/FileKeyValueStore.js
[2019-10-19 13:24:57.714] [DEBUG] Helper - getClientForOrg - ****** END Org3 undefined
[2019-10-19 13:24:57.714] [DEBUG] Helper - Successfully initialized the credential stores
[2019-10-19 13:24:57.714] [DEBUG] Helper - [FileKeyValueStore.js]: getValue { key: 'Jim' }
[2019-10-19 13:24:57.715] [INFO] Helper - User Jim was not enrolled, so we will need an admin user object to register
[2019-10-19 13:24:57.715] [DEBUG] Helper - [FileKeyValueStore.js]: getValue { key: 'admin' }
[2019-10-19 13:24:57.716] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.717] [ERROR] Helper - Failed to get registered user: Jim with error: Error: Common connection profile is missing this client's organization and mspid
[2019-10-19 13:24:57.717] [DEBUG] SampleWebApp - -- returned from registering the username Jim for organization Org3
[2019-10-19 13:24:57.717] [DEBUG] SampleWebApp - Failed to register the username Jim for organization Org3 with::failed Error: Common connection profile is missing this client's organization and mspid
I appreciate any help.

I have looked into your repo,
I have found many mistakes
1) you have defined total 6 organizations in the network-config file, but you have created only 3 files in artifacts folder
2) when you create multiple organization connection-profile-path you have to update the same in the mentioned here file it should append orgname dynamically in order to switch b/w orgs

In artifacts/network-config.yaml file, under organizations:, you could try to use org3 instead of Org3.
I still can't figure out why o is in lower case for org3 but O are in upper case for Org1 and Org2.
It just so happens that it works for me!