PEM encoded certificate is required - hyperledger-fabric

I am trying to access the remote peer from the SDK in Hyperledger Fabric using the following code:
var peer = new Peer('Remote path', PemFile name)
It is giving me this error:
Error: PEM encoded certificate is required.
I have tried reading the file, using a string, everything. Please advise me what I am doing wrong here.

This is sorted.
It should be like this
var peer = new Peer('Remote Path', {
    pem: 'PEM file name'
});

Related

SSL validation failed when I'm using aws cli on windows

I just installed aws cli on my pc, and I want to run a terraform script to build an instance.
Here is the error message:
Error refreshing state: AccessDenied: Access Denied
status code: 403, request id:
I think it's a problem with the SSL certificate because when I do an aws s3 ls s3://MyBucketName --no-verify-ssl
How can I import the certificate?
I didn't see any documentation about how we can configure aws cli on windows.
Thanks,
John.
I doubt that it's an SSL cert problem. Try running
aws s3 ls
If it gives the following error -
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Then it's an SSL cert problem. Otherwise try these steps:
Delete the .terraform directory
Place the access_key and secret_key under the backend block, as in the code given below
Run terraform init
terraform {
  backend "s3" {
    bucket     = "great-name-terraform-state-2"
    key        = "global/s3/terraform.tfstate"
    region     = "eu-central-1"
    access_key = "<access-key>"
    secret_key = "<secret-key>"
  }
}
Should work.
In case it's an SSL cert problem,
If you want to use SSL and not have to specify the --no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable, e.g. from PowerShell:
setx AWS_CA_BUNDLE "C:\Users\UserX\Documents\RootCert.pem"
The PEM file is a saved copy of the root certificate for the AWS endpoint you are trying to connect to. To generate it, first export the certificate in DER format (for details on how to do this, see here). Then run the following command to convert it to the PEM format:
openssl x509 -inform der -in "C:\Users\UserX\Documents\RootCert.der" -out RootCert.pem
If you are using PowerShell and not bash, then you will need to first install openssl.
For a full list of environment variables supported by the AWS CLI, see here

Fabric-common: TypeError: cryptoSuite.createKeyFromRaw is not a function

I am trying to sign transaction proposals with an offline key. I have generated a certificate signed by the Org CA and now I am trying to create a User with the fabric-common nodejs SDK version 2.2.5.
const user = User.createUser("test4", "ZmznsNgPIzyB", "Org1",
'-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----')
However, I am getting the error TypeError: cryptoSuite.createKeyFromRaw is not a function, and when I inspect the cryptoSuite object this function in fact does not exist.
I am following this tutorial: https://hyperledger.github.io/fabric-sdk-node/release-2.2/tutorial-sign-transaction-offline.html
Is this the correct way to create a user?
So the problem was that I was using node v12.6.0 which is required by the fabric-common module. When I downgraded the node version to v11.6.0 and installed dependencies with the flag --ignore-engines, everything worked as expected.

Error adding new Peer in Hyperledger Fabric

To add a new peer in Hyperledger Fabric I am using the following command
peer = client.newPeer('grpcs://localhost:7051')
and I am getting the following error
PEM encoded certificate is required
Please help!
You can find the PEM certificate in the first-network folder and in connection-org1/org2.json.
Just start your network and, after starting it, copy the PEM certificate.

Executing fabcar without fabric-ca

I built a Fabric network with multiple orgs and tls enabled. Crypto material was built with cryptogen. I do not intend to use fabric-ca in my example.
I installed and instantiated fabcar through CLI. Invoke and Query with CLI commands work like a charm.
Now, for the purpose of using nodejs scripts query.js and invoke.js I concatenated a private and public key in order to create PeerAdmin credential for Fabcar. I also altered a configuration in .js files to aim at peers and orderers with grpcs.
Whenever I execute any .js script, I am constantly getting the following error:
Create a client and set the wallet location
Set wallet path, and associate user PeerAdmin with application
Check user is enrolled, and set a query URL in the network
Caught Error Error: PEM encoded certificate is required.
at new Endpoint (/home/hl/fabcar/node_modules/fabric-client/lib/Remote.js:146:11)
at new Remote (/home/hl/fabcar/node_modules/fabric-client/lib/Remote.js:95:20)
at new Peer (/home/hl/fabcar/node_modules/fabric-client/lib/Peer.js:53:3)
at Client.newPeer (/home/hl/fabcar/node_modules/fabric-client/lib/Client.js:173:14)
at Promise.resolve.then.then.then (/home/hl/fabcar/query.js:39:28)
at <anonymous>
When I try to query the chaincode without grpcs I receive the following error:
Create a client and set the wallet location
Set wallet path, and associate user PeerAdmin with application
Check user is enrolled, and set a query URL in the network
Make query
Assigning transaction_id: 9cbf355cda03db2b1971fe10af27d66686ea9b913eda80f667cac48bada015bf
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Endpoint read failed
at /home/hl/fabcar/node_modules/grpc/src/client.js:554:15
returned from query
Query result count = 1
error from query = { Error: Endpoint read failed
at /home/hl/fabcar/node_modules/grpc/src/client.js:554:15 code: 14, metadata: Metadata { _internal_repr: {} } }
Response is Error: Endpoint read failed
PeerAdmin content:
{"name":"PeerAdmin","mspid":"PeerOrgMSP","roles":null,"affiliation":"","enrollmentSecret":"","enrollment":{"signingIdentity":"[...]","identity":{"certificate":"-----BEGIN CERTIFICATE-----\n[...]-----END CERTIFICATE-----\n"}}}
Any help in pointing me to a right procedure or troubleshooting with the above would be greatly appreciated.
I understand that you are going to run fabcar without a Fabric CA.
If so, you can't use the Node.js application, because it uses a user context and you didn't enroll a user context.
But if you want to use fabcar without a CA, you can invoke or query transactions from the CLI.
Connect to the cli container. If you use fabcar, the cli container name is 'cli', so:
docker exec -it cli bash
In the cli container, you can invoke or query transactions, as in the example below:
peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryAllCars",""]}'
peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryCar","CAR4"]}'
Invoking a transaction works the same way.
When you enable gRPCs you must pass the pem as a parameter in the instantiation of the various Hyperledger element objects (e.g. peer, orderer). In the case of the fabcar example (invoke.js):
// This is a new line
var options = {
    tls_cert: {
        pem: fs.readFileSync(path.join(__dirname, './network/tls') + '/peer.cert').toString(),
    }
};
...
// Replace the original instantiation by adding the pem option
var peer = fabric_client.newPeer('grpcs://fft-zbc03a.4.secure.blockchain.ibm.com:26268', {
    pem: options.tls_cert.pem
});
channel.addPeer(peer);
// Replace the original instantiation by adding the pem option
var order = fabric_client.newOrderer('grpcs://fft-zbc03b.4.secure.blockchain.ibm.com:20161', {
    pem: options.tls_cert.pem
})
...
// Replace the original instantiation by adding the pem option
event_hub.setPeerAddr('grpcs://fft-zbc03a.4.secure.blockchain.ibm.com:23972', {
    pem: options.tls_cert.pem
});
The code above assumes that you downloaded the right certificates to network/tls/. These certificates can be downloaded by sending requests to the CA. For a full example refer to the Bluemix documentation here.
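A pre-flight check for the options discussed in the answers above, as an added example that is not part of the original posts or of fabric-client. It assumes, from the errors quoted on this page, that a grpcs:// endpoint needs opts.pem to be a string holding the certificate text; checkEndpointOptions, the tlsca.pem file name and the sample certificate are constructed for illustration.

```javascript
// Added example, not fabric-client code. Assumption drawn from the errors and
// answers on this page: a grpcs:// endpoint needs opts.pem to be a string that
// holds the certificate text itself (not a file name, not a Buffer).
const CERT_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

function checkEndpointOptions(url, opts) {
  const secure = /^grpcs:\/\//i.test(url);
  const result = { secure, certCount: 0, problems: [] };
  const fail = (msg) => { result.problems.push(msg); return result; };

  if (typeof opts === 'string' || Buffer.isBuffer(opts)) {
    return fail('second argument must be an options object: { pem: <certificate text> }');
  }
  const pem = opts ? opts.pem : undefined;
  if (!secure) {
    return pem === undefined ? result : fail('pem supplied but URL is not grpcs://, so TLS is not used');
  }
  if (pem === undefined || pem === null) return fail('grpcs:// URL without opts.pem');
  if (Buffer.isBuffer(pem)) return fail('opts.pem is a Buffer; call .toString() on the fs.readFileSync result');
  if (typeof pem !== 'string') return fail('opts.pem must be a string');
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(pem)) {
    return fail('opts.pem contains a private key; only the certificate belongs here');
  }
  result.certCount = (pem.match(CERT_BLOCK) || []).length;
  if (result.certCount === 0) {
    return fail(pem.includes('\n') ? 'no CERTIFICATE block found in opts.pem'
      : 'opts.pem looks like a file name; pass the file contents instead');
  }
  return result;
}

// Constructed sample certificate text (placeholder body, not a real certificate).
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';

function demo() {
  const url = 'grpcs://localhost:7051';
  return {
    bareString: checkEndpointOptions(url, 'tlsca.pem'),
    missing: checkEndpointOptions(url),
    fileName: checkEndpointOptions(url, { pem: 'tlsca.pem' }),
    buffer: checkEndpointOptions(url, { pem: Buffer.from(SAMPLE_PEM) }),
    good: checkEndpointOptions(url, { pem: SAMPLE_PEM }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```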

nodejs ssl "unable to get local issuer certificate"

I've been given an SSL cert to use for signing client requests, as well as the relevant CA certs. I can verify it using openssl:
$ openssl s_client -CAfile /etc/ssl/foo/ca-combined.pem -servername foo.co.in -connect foo.co.in:443
CONNECTED(00000003)
... snip ...
Verify return code: 0 (ok)
---
closed
(I mashed the 2 CA certs into one file). But when I try to replicate it using node:
var tls = require('tls');
var fs = require('fs');
var options = {
    host: 'foo.co.in',
    servername: 'foo.co.in',
    port: 443,
    key: fs.readFileSync('/etc/ssl/private/foo.key'),
    cert: fs.readFileSync('/etc/ssl/foo/cert.pem'),
    ca: [fs.readFileSync('/etc/ssl/foo/combined-ca.pem')]
};
tls.connect(options, function(err) {
    done(err);
});
I get an error:
Uncaught Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
I found an answer on here, suggesting that I need to put each CA cert in a separate file:
ca: [fs.readFileSync('/etc/ssl/foo/ca.pem'), fs.readFileSync('/etc/ssl/foo/root-ca.pem')]
but that still gave the same error. (I also tried reversing the order). I then tried putting the intermediate cert in with the client one, and just providing the root CA cert as ca (which seems to be what the docs suggest), same error. At this point I'm running out of ideas. The fact that openssl is happy suggests that I'm doing something wrong, any suggestions?
$ node --version
v6.10.1
(I realise I can set rejectUnauthorized to false, but I'd really rather not)
Turns out that I didn't need to supply the CA cert, as their CA was properly signed by a "known" authority. So I could just remove the ca field from my request.
I created a root-ca and an intermediate-ca (signed by root-ca) certificate, then I created a server and a client certificate signed by intermediate-ca. To test it I've been implementing an https server and client with nodejs, so I set it up with the certs and I get the following error on my client:
problem with request: unable to get local issuer certificate
To solve it I need to put my root-ca and intermediate-ca certs in the ca field in my nodejs code, like this:
key: fs.readFileSync('path/client.privkey.pem'),
cert: fs.readFileSync('path/client.cert.pem'),
ca: [ fs.readFileSync('path/intermed-ca.cert.pem'), fs.readFileSync('path/root-ca.cert.pem') ],
It works for me.
To solve this generally for your system you have 2 different options:
The first is to export the variable NODE_EXTRA_CA_CERTS=$PATH_TO_YOUR_CUSTOM_CA_FILE.pem pointing to your custom CA_FILE
The second is to run node with the option --use-openssl-ca like:
node --use-openssl-ca main.js
This assumes that you already configured your ssl certificates with something like:
wget -qP /usr/local/share/ca-certificates http://your_local_cert/local_ca.pem\
&& update-ca-certificates
See https://github.com/microsoft/vscode-remote-release/issues/5620
I've encountered the same issue when I had to use my custom SSL certificate and pass it in the ca field of the https.Agent.
The docs clearly state that if you're overriding this field, you lose all certificates that were there by default:
Mozilla's CAs are completely replaced when CAs are explicitly specified using this option.
So in my case, to resolve the issue I had to add default root certificates in the ca array like so:
import https from "https";
import tls from "tls";
import { getMyCustomCert } from "#some-namespace/internal-cert";
new https.Agent({
    ca: [...tls.rootCertificates, getMyCustomCert()],
});
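Keeping the default roots while adding private CAs, generalised from the answer above to a combined bundle file (an added example, not code from the original posts). splitPemBundle and buildCaList are hypothetical helpers, and the certificates are constructed placeholders standing in for tls.rootCertificates and a private bundle.

```javascript
// Added example; splitPemBundle and buildCaList are hypothetical helper names.
const CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a file holding several concatenated certificates into single PEM strings.
function splitPemBundle(text) {
  return (String(text).match(CERT_RE) || []).map((cert) => cert + '\n');
}

// Build the value for the `ca` option: the default roots first, then every
// certificate from the private bundles, with duplicates dropped.
function buildCaList(defaultRoots, ...bundles) {
  const seen = new Set();
  const ca = [];
  for (const pem of [...defaultRoots, ...bundles.flatMap(splitPemBundle)]) {
    const key = pem.replace(/\s+/g, ''); // ignore line-ending differences
    if (!seen.has(key)) {
      seen.add(key);
      ca.push(pem);
    }
  }
  return ca;
}

// Constructed placeholder certificates (not real; they will not parse as X.509).
const fakePem = (label) =>
  `-----BEGIN CERTIFICATE-----\n${Buffer.from(label).toString('base64')}\n-----END CERTIFICATE-----\n`;

function demo() {
  const defaultRoots = [fakePem('public-root-1'), fakePem('public-root-2')];
  const bundle = fakePem('private-intermediate') + fakePem('private-root') + fakePem('public-root-2');
  return {
    defaultRoots,
    onlyCustom: splitPemBundle(bundle),        // all that `ca: [bundle]` would trust
    merged: buildCaList(defaultRoots, bundle), // defaults kept, duplicate dropped
  };
}

// In a real program the first argument is tls.rootCertificates, e.g.
//   new https.Agent({ ca: buildCaList(tls.rootCertificates, fs.readFileSync(file, 'utf8')) })
console.log(`custom only: ${demo().onlyCustom.length} CAs, merged: ${demo().merged.length} CAs`);
```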
