TLS error enrolling with Fabric CA Client - hyperledger-fabric

I prepared a multi-organization environment with Fabric CA by following a tutorial. The tutorial itself worked with no problem.
Deploying a Hyperledger Composer blockchain business network to Hyperledger Fabric (multiple organizations)
https://hyperledger.github.io/composer/unstable/tutorials/deploy-to-fabric-multi-org.html
In this environment, I'm trying Fabric CA client commands on both ca_peerOrg1 and the host environment. I copied the TLS crt, public key and private key from crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/ and tried the following command, but I got the error "x509: certificate is valid for ca.org1.example.com, not localhost".
linux1@fabric:~$ fabric-ca-client enroll --caname ca-org1 --tls.certfiles ca.crt --tls.client.certfile Admin@org1.example.com-cert.pem --tls.client.keyfile 0dbfd9d156b90331e6bc4a0529e07cb123f7de586935019499623062f182a8fa_sk -u https://admin:adminpw@localhost:7054
2017/12/19 16:34:35 [INFO] User provided config file: /home/linux1/fabric-ca/clients/admin/fabric-ca-client-config.yaml
2017/12/19 16:34:35 [INFO] generating key: &{A:ecdsa S:256}
2017/12/19 16:34:35 [INFO] encoded CSR
2017/12/19 16:34:35 [INFO] TLS Enabled
Error: POST failure [Post https://localhost:7054/enroll: x509: certificate is valid for ca.org1.example.com, not localhost]; not sending
POST https://localhost:7054/enroll
Authorization: Basic YWRtaW46YWRtaW5wdw==
{"hosts":["fabric"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBOzCB4wIBADBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxDjAMBgNV\nBAMTBWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8Y4aR/YxeyMXIQ3\nHGydrTLaoI+6tZ57ho1uv6gNonbFfftE7lrdsIbL8d8QLimztDjtqkg6rk612nso\nD66M9aAkMCIGCSqGSIb3DQEJDjEVMBMwEQYDVR0RBAowCIIGZmFicmljMAoGCCqG\nSM49BAMCA0cAMEQCIH9u2w9xO43Ba5rJ1SCKgtEFfokj1DKhg2cHjnbu8ucEAiBn\nwZKjjSbQage+ElofYbgagWpuCFz0t57Zwycz22M00w==\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","CAName":"ca-org1"}
linux1@fabric:~$
How can I avoid this error? When I looked at the tutorial, I realized that the Composer connection profile has a configuration like "hostnameOverride": "ca.org1.example.com". I guess I need to do the same kind of thing for fabric-ca-client.

Related

Fabric register user Error: self signed certificate

I am running the Fabric CA server using a Docker container and using fabric node for enrolling and registering the users. When I enroll the admin through fabric node it works fine; it creates the wallet folder. When I try to register the user, it throws the error saying
Failed to register user : Error: Calling register endpoint failed with error [Error: self signed certificate]
Any suggestion would be appreciated.
The register command should look like:
fabric-ca-client register -d --id.name $ORG_ADMIN --id.secret $ORG_ADMIN_PASSWORD --id.type client --id.affiliation $ORG_AFFILIATION
The fabric-ca-client-config.yaml inside your FABRIC_CA_CLIENT_HOME should look like:
url: https://ca.org0.domain.tld:7054
mspdir: msp
tls:
  certfiles: ca-tls.pem
csr:
  names:
    - C: US
      ST: New York
      L: New York
      O: Org0
      OU: Department0
caname: org0-ca
bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      keystore: msp/keystore
Please check url and tls.certfiles (if your CA is using TLS).
The msp directory must contain the CA administrator's credentials after enrolling it in the previous step.

Error while submitting transactions in Hyperledger Fabric

I am running Hyperledger Fabric with 4 peers of 1 organization, 1 orderer and 1 CA. All 4 peers are on different VMs; the orderer and CA are running on different VMs. Chaincode is up and running on all the VMs. I want to set up a client on a different VM, which can send transaction requests to the network. Using this code, I have changed the address of VM to my peer0.
I run the following 2 files first:
node enrollAdmin.js
node registerUser.js
I am getting the following error on running the last command:
Store path:/root/gopath/src/github.com/hyperledger/fabric-samples/fabcar/hfc-key-store
Successfully loaded admin from persistence
Failed to register: Error: fabric-ca request register failed with errors [[{"code":20,"message":"Authentication failure"}]]
I checked the logs of CA container on the . Container log is as follows:
2019/04/16 17:34:55 [DEBUG] Received request for /api/v1/register
2019/04/16 17:34:55 [DEBUG] Caller is using a x509 certificate
2019/04/16 17:34:55 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2019/04/16 17:34:55 [INFO] 192.168.1.22:44826 POST /api/v1/register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")"
I have copied the same generated crypto material on all the VMs, including the client. How to resolve this error?
UPDATE: When I place the client code on one of the VMs running peer containers, it works fine. Transactions are executed successfully.

Hyperledger Fabric CA: http: TLS handshake error from 127.0.0.1:53356: tls: oversized record received with length 21536

We have a very simple setup where we have spun up an instance of fabric-ca-server by running
/bin/bash -c "fabric-ca-server start -b admin:adminpw"
in a Docker container as explained, e.g., here. But when we try to enroll a user by running
root@a7094a09a3b7:/etc/hyperledger/fabric-ca-client# fabric-ca-client enroll -u http://user:userpw@localhost:7054
we get the error below:
2018/12/07 21:06:17 [INFO] generating key: &{A:ecdsa S:256}
2018/12/07 21:06:17 [INFO] encoded CSR
Error: POST failure of request: POST http://localhost:7054/enroll
{"hosts":["a7094a09a3b7"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBQzCB6wIBADBfMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxEDAOBgNV\nBAMTB3NqYWluNjgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiWBUZ5vG5i9X9\nAV8fdfuxFAFsWHeg4JRpNFs/m7knB3QaDWDbbk/G53gEbgyv2scg61cYMNdLDaYK\nGi9ywX0noCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxhNzA5NGEwOWEz\nYjcwCgYIKoZIzj0EAwIDRwAwRAIgTY0gn18UIsKfOLgS33F41ORAlKNz2tZS6ip5\nXS03XNICIAE3C9nhv2d4ZrCcO+7rycWLoR6wEU6cnAqZsSf1Txz4\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}: Post http://localhost:7054/enroll: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"
and the fabric-ca-server output shows:
http: TLS handshake error from 127.0.0.1:53356: tls: oversized record received with length 21536
Wondering what we are doing wrong here and how we can fix this?
Looks like you started the fabric-ca-server with TLS enabled and you are not using TLS with the fabric-ca-client. You need to specify https in your URL:
fabric-ca-client enroll -u https://user:userpw@localhost:7054
Alternatively, disable TLS in the Fabric CA config.
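
The two error messages in this thread can be decoded by hand: each side is reading the other's bytes as a TLS record header. An added Go example (not from the original answer or from Fabric CA; `ParseHeader` and `Explain` are hypothetical names) that interprets the start of the plaintext request and the seven bytes quoted in the client error:

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// maxCiphertext is the TLS 1.2 limit on a record's length field (RFC 5246, 6.2.3).
const maxCiphertext = 1<<14 + 2048

// alertNames covers only the alert seen on this page.
var alertNames = map[byte]string{22: "record_overflow"}

// Header is the 5-byte TLS record header: type(1) | version(2) | length(2).
type Header struct {
	Type    byte
	Version uint16
	Length  uint16
}

// ParseHeader reads the first five bytes as a TLS record header.
func ParseHeader(b []byte) (Header, bool) {
	if len(b) < 5 {
		return Header{}, false
	}
	return Header{b[0], binary.BigEndian.Uint16(b[1:3]), binary.BigEndian.Uint16(b[3:5])}, true
}

// Explain describes what a TLS endpoint sees in the given bytes.
func Explain(b []byte) string {
	h, ok := ParseHeader(b)
	switch {
	case !ok:
		return "too short for a record header"
	case h.Type == 21 && h.Length == 2 && len(b) >= 7: // 21 = alert record
		level := map[byte]string{1: "warning", 2: "fatal"}[b[5]]
		return fmt.Sprintf("alert: %s %s(%d)", level, alertNames[b[6]], b[6])
	case int(h.Length) > maxCiphertext:
		return fmt.Sprintf("oversized record, length %d", h.Length)
	}
	return fmt.Sprintf("record type %d, length %d", h.Type, h.Length)
}

func main() {
	// What the server received: the start of the client's plaintext HTTP request.
	fmt.Println(Explain([]byte("POST /enroll HTTP/1.1\r\n")))
	// What the client received, copied from the error text on this page.
	fmt.Println(Explain([]byte("\x15\x03\x01\x00\x02\x02\x16")))
}
```

The length 21536 is 0x5420, the ASCII bytes "T " that end "POST ", which makes this server log line a reliable sign of a plaintext HTTP client hitting a TLS listener.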

fabric CA client user enrolment authorisation failure

I am trying to enroll admin after initialising fabric CA server with:
fabric-ca-server init -b “admin:adminpw”
And starting CA server with:
fabric-ca-server start -b “admin:adminpw”
At client-side, enroll command:
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
Client-side error message:
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
Error: Response from server: Error Code: 20 - Authorization failure
Server-side:
fabric-ca-server start -b “admin:adminpw”
2018/08/27 14:48:57 [INFO] Configuration file location:
/home/nadeem/Documents/Fabric-CA/server/fabric-ca-server-config.yaml
2018/08/27 14:48:57 [INFO] Starting server in home directory:
/home/nadeem/Documents/Fabric-CA/server
2018/08/27 14:48:57 [INFO] Server Version: 1.2.1-snapshot-3bcdbb2
2018/08/27 14:48:57 [INFO] Server Levels: &{Identity:1 Affiliation:1
Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2018/08/27 14:48:57 [INFO] The CA key and certificate already exist
2018/08/27 14:48:57 [INFO] The key is stored by BCCSP provider 'SW'
2018/08/27 14:48:57 [INFO] The certificate is at:
/home/nadeem/Documents/Fabric-CA/server/ca-cert.pem
2018/08/27 14:48:57 [INFO] Initialized sqlite3 database at
/home/nadeem/Documents/Fabric-CA/server/fabric-ca-server.db
2018/08/27 14:48:57 [INFO] Home directory for default CA:
/home/nadeem/Documents/Fabric-CA/server
2018/08/27 14:48:57 [INFO] Listening on http://0.0.0.0:7054
***2018/08/27 14:49:34 [INFO] 127.0.0.1:46350 POST /enroll 401 23 "Failed
to get user: : scode: 404, code: 63, msg: Failed to get User: sql: no
rows in result set"***
fabric-ca-client/server:
Version: 1.2.1-snapshot-3bcdbb2 Go version: go1.11 OS/Arch:
linux/amd64
Found similar post here:
https://jira.hyperledger.org/browse/FABC-302
It is marked resolved with v1.2 but there are no clear instructions on how to resolve it now.
Thanks :)
I've been trying to make Fabric-CA work for a while,
The best advice I can give you is to take off the "" around the admin credentials before you start. I do not put them and it works for me.
So commands would be :
fabric-ca-server init -b admin:adminpw
fabric-ca-server start -b admin:adminpw
This error message appears. The account and password are not the same when the CA starts and when you use CA enroll.
Error Code: 20 - Authorization failure
Error code 20 arises due to the following condition.
Suppose you have registered the identity like this :-
fabric-ca-client register --id.name org1 --id.type client --id.affiliation org1 --id.attrs '"hf.Registrar.Roles=user,client,peer","hf.AffiliationMgr=true","hf.Revoker=true"'
which is giving you the output
2020/02/05 11:19:25 [INFO] Configuration file location: /home/username/myPros/caclient/admin/fabric-ca-client-config.yaml
Password: ZXCbhJajCObX
and you are trying to enroll the user/identity like this :-
fabric-ca-client enroll -u http://org1-admin:ZXCbhJajCObX@localhost:7054
or
fabric-ca-client enroll -u http://org1-admin:adminpw@localhost:7054
So, long story short, either your enrollment ID or your password is mismatched. Make sure that your username and password are not mismatched.
Possibly during init. Look in your fabric-ca-server-config.yaml file for these quotation marks and remove them. Do not use them during init enroll.

Hyperledger Fabric Client Registration failed

I am new to Hyperledger Fabric and I am trying to register the fabric client with the server locally. Here is what I have done so far.
go get -u github.com/hyperledger/fabric-ca/cmd/...
fabric-ca-server start -b admin:adminpw
After that I got the logs
2017/12/11 13:26:09 [INFO] Home directory for default CA: /home/akash/fabric-demo
2017/12/11 13:26:09 [INFO] Listening on http://0.0.0.0:7054
Then I tried to register the fabric client with the server by using the following commands
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
and I got the following logs
2017/12/11 13:28:48 [INFO] Stored client certificate at /home/akash/fabric-ca/clients/admin/msp/signcerts/cert.pem
2017/12/11 13:28:48 [INFO] Stored CA root certificate at /home/akash/fabric-ca/clients/admin/msp/cacerts/localhost-7054.pem
But when I tried to register the client, I got the following error
fabric-ca-client register --id.name admin --id.affiliation org1.department1 --id.attrs 'hf.Revoker=true,admin=true:ecert'
2017/12/11 13:37:05 [INFO] Configuration file location:
/home/akash/fabric-ca/clients/admin/fabric-ca-client-config.yaml
Error: Error response from server was: Authorization failure
On the fabric-server side I got the following logs
2017/12/11 13:37:05 [ERROR] No certificates found for provided serial and aki
Can anyone tell me what I am doing wrong here?
The sequence to obtain new user certificates is to 1) register and then 2) enroll.
For the bootstrap admin (enrollment id:admin) this is already registered when the CA server is started (thus providing the secret when starting the instance). As such, you are able to run the enroll command for admin.
Not too sure what you are trying to do here, but if you are:
1) trying to register a new user. You have to use a new unique enrollment id (not admin)
2) updating the affiliation of the admin enrollment id, refer to the fabric-ca-client command to update an identity (https://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html)
