How to create a profile connection for hyperledger composer manually - hyperledger-fabric

I’m trying to deploy a developed network with the composer on first network sample. I have set the connection profile but it’s not enough because I have to set composer-credentials. I have tried to use the credential of developing environment (I have added the role of channel admin and peerAdmin) but it is firing the following error when I try to deploy the network:
Error: Error trying login and get user Context. Error: Private key missing from the key store. Can not establish the signing identity for user PeerAdmin
I have searched for information and there are two users on the peer nodes, Admin@org1.example.com and User1@org1.example.com, where there are 3 files: ca.crt, server.crt and server.key.
I have read the steps for creating a new ID card, but they use the Playground environment with the website, and I need to do it manually for the composer. So, what steps should I follow to create/update a connection profile for the first network sample?
Thank you
My file
{
"name":"PeerAdmin",
"mspid":"Org1MSP",
"roles":["PeerAdmin", "ChannelAdmin"],
"affiliation":"",
"enrollmentSecret":"",
"enrollment":{
"signingIdentity":"114aab0e76bf0c78308f89efc4b8c9423e31568da0c340ca187a9b17aa9a4457",
"identity":{
"certificate":"-----BEGIN CERTIFICATE-----\n
MIICGjCCAcCgAwIBAgIRANuOnVN+yd/BGyoX7ioEklQwCgYIKoZIzj0EAwIwczEL\n
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\n
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh\n
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNjI2MTI0OTI2WhcNMjcwNjI0MTI0OTI2\n
WjBbMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN\n
U2FuIEZyYW5jaXNjbzEfMB0GA1UEAwwWQWRtaW5Ab3JnMS5leGFtcGxlLmNvbTBZ\n
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGu8KxBQ1GkxSTMVoLv7NXiYKWj5t6Dh\n
WRTJBHnLkWV7lRUfYaKAKFadSii5M7Z7ZpwD8NS7IsMdPR6Z4EyGgwKjTTBLMA4G\n
A1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMCsGA1UdIwQkMCKAIBmrZau7BIB9\n
rRLkwKmqpmSecIaOOr0CF6Mi2J5H4aauMAoGCCqGSM49BAMCA0gAMEUCIQC4sKQ6\n
CEgqbTYe48az95W9/hnZ+7DI5eSnWUwV9vCd/gIgS5K6omNJydoFoEpaEIwM97uS\n
XVMHPa0iyC497vdNURA=\n
-----END CERTIFICATE-----\n"
}
}
}

A profile is created with the composer CLI tool. You have to execute the following command:
composer identity import -p hlfv1 -u Admin -c ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem -k ../Downloads/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/072d0b5a2dfc61beb8120736a9aa836f5046148dcba178ba52d57a4e26def8b6_sk

I see you're using the sample Developer environment. Why not just go into the fabric-tools directory (you downloaded) and run ./createComposerProfile.sh . It will import the required crypto material into the composer credentials directory for the dev setup, and that represents a channel admin and admin for the peer of the development fabric server.

Here's a workaround:
create a BlockChain Starter Plan from IBM Cloud
define the peers & channels as you wish from the UI
click download the connection profile
the file downloaded contains all the information about the Fabric, including the public/private keys and enrollmentSecret.

Related

Domino App Service Pack Installation , failed to startup IAM services as tutorial

I had configured the Domino Credential Store.
I had modified the Domino Proton Server settings that enable client authentication.
I created the Vault ID.
I created the IAM-store.nsf from template with error message.
Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
I gave the IAM's functional ID access to the database.
I installed the IAM services for domino with the following message.
result screen of install domino-iam-service-2.2.0.tgz
Since I would like to configure the IAM services for my testing server, I selected to set up the pilot mode.
According to the tutorial, https://doc.cwpcollaboration.com/appdevpack/docs/en/iam_landing_page.html
I could access the demo database, with anonymous setting of proton server.
C:\src\domino-db\package>npm run ptest -- read serv.org.com:3003/App\node-demo.nsf -q "Form = 'Contact' and LastName = 'Moody'"
read the content of demo database
Config the pilot mode successfully.
What am I doing wrong?
Error, when try to startup pilot mode of IAM Service
I have put all the certificates to the folder config/certs,
in which the certificates are created by create_certs.cmd from the tutorial.
And I have converted the ca.crt into ca.pem.
Besides, I also put the keys created by ProtonCA into the config/certs.
Keys created by ProtonMicroCA
According to the tutorial, I modified the make_certs.cmd as the following:
make_certs.cmd
the certificates are posted to the config/certs directory
I'm not sure about your complete setup, a support ticket would help us diagnose this better. There should be a ca folder in the config/certs directory that contains any root certs you're using (like the ca.pem you have)

Hyperledger Fabric: Why doesn't cryptogen generate all the necessary crypto material to register new users?

I am using cryptogen to generate all of the crypto material for the Fabric network I am building. I can successfully bring the network up and deploy chaincode. However, I am running into problems when trying to register a new user. I am following along with the asset-transfer-private-data tutorial, and after deploying the chaincode, I run
fabric-ca-client register --caname ca.org1 --id.name org1-client --id.secret org1-password --id.type client --mspdir ./config/crypto-config/peerOrganizations/org1/msp
and get the error
2020/10/03 12:20:11 [INFO] Configuration file location: /home/user/network3.2/config/crypto-config/peerOrganizations/org1/fabric-ca-client-config.yaml
2020/10/03 12:20:11 [ERROR] Enrollment check failed: Idemix enrollment information does not exist
Error: Enrollment information does not exist. Please execute enroll command first. Example: fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort
There is no fabric-ca-client-config.yaml file. The mspdir I specify has the directories signcerts, keystore, and cacerts which according to Hyperledger Fabric: Enrollment check failed: Idemix enrollment information does not exist are needed. However, both the signcerts and keystore directories are empty whereas they should include a public cert and a private key respectively.
How can I generate these files? Thanks.
For Idemix, you can use idemixgen tool.
But both the cryptogen tool and the idemixgen tool are used for testing purposes. For production-level use, you have to use Hyperledger Fabric CA.
cryptogen is an utility for generating Hyperledger Fabric key material. It is provided as a means of preconfiguring a network for testing purposes. It would normally not be used in the operation of a production network.
Link: https://hyperledger-fabric.readthedocs.io/en/release-2.2/commands/cryptogen.html?highlight=cryptogen#cryptogen
cryptogen is a utility to quickly allow you to generate crypto material to get things started. It does not have any direct ties to Fabric CA (intentionally).
The only thing you can do is to leverage the CA key pair generated for each organization (under the ca folder) as the root key pair used when starting up an instance of Fabric CA.

Failed Error: Private key missing from key store. Can not establish the signing identity for user admin

I can generate the public key but am not able to generate the private key of the admin user while registering a new user through REST services in a blockchain network, and I am also getting the error mentioned below.
Error:Failed Error: Private key missing from key store. Can not establish the signing identity for user admin.
I followed the steps below:
Created a network in Hyperledger Fabric.
Created a new Node application to publish the REST services by referring to the existing "balance-transfer" application.
Then started the Node application.
Tested the REST services URL in the Postman tool.
I get the above-mentioned error while testing the URL http://localhost:4000/users in the Postman tool.
Error at code level:
app.js--->helper.js
let adminUserObj = await client.setUserContext({username: admins[0].username, password: admins[0].secret});
Please suggest.
Remove the folders holding key-value store for organizations -> fabric-client-kv-* from the balance-transfer fabric sample.
rm -rf fabric-client-kv-*
Then create the network again. This resolved the issue for me.
Have you tried to restart the network completely (by using the "runApp.sh" script for that)? Take a look inside this script at the restartNetwork() function, where the "fabric-client-kv-org" folders in your balance-transfer folder are removed.
Does it work?
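The "Private key missing from key store" error in this question, and in the first question on this page, means the stored user's signing identity has no matching private key in the key store. The Go sketch below is an added example, not code from any of the posts or from Fabric: it computes the key identifier (SKI) of an enrollment certificate and checks a directory for a private key file named after it. The function names, the sample certificate and the two file-name suffixes checked (`_sk` as in the keystore path in the first answer, `-priv` for the fabric-client key-value store) are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
)

// SKIFromCertPEM returns the hex SKI of the cert's ECDSA key: SHA-256 of 0x04||X||Y.
func SKIFromCertPEM(certPEM []byte) (string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return "", fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("certificate key is not ECDSA")
	}
	return fmt.Sprintf("%x", sha256.Sum256(elliptic.Marshal(pub.Curve, pub.X, pub.Y))), nil
}

// HasPrivateKey checks dir for "<ski>_sk" (msp/keystore) or "<ski>-priv" (client key store).
func HasPrivateKey(dir, ski string) bool {
	_, errSK := os.Stat(filepath.Join(dir, ski+"_sk"))
	_, errPriv := os.Stat(filepath.Join(dir, ski+"-priv"))
	return errSK == nil || errPriv == nil
}

// SampleCertPEM builds a constructed, throwaway self-signed P-256 certificate.
func SampleCertPEM() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(SKIFromCertPEM(SampleCertPEM()))
}
```

If the SKI computed from the certificate in a credentials file differs from every key file name in the store, the certificate and key come from different crypto material and the identity has to be re-imported or the stale store removed.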

Hyperledger Fabric - Lost my network card, how to export it again?

I have set up a dev Hyperledger Fabric blockchain successfully and added a user/participant to the network. Executing the operations again, the blockchain all worked fine using the card that was generated initially. But now I have lost this card; can I export/download it again? I tried using the identity "revoke" API, but it is failing with this error -
Error: Error trying invoke business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 2 UNKNOWN: error executing chaincode: transaction returned with failure: Error: attempt to get property state on an InvalidRelationship is not allowed. InvalidRelationship created due to Object with ID 'partcipant_1' in collection with ID 'Asset:org.hyperledger.composer.system.Identity' does not exist
I am not exactly sure what you mean when you say you "lost" the card.
The process goes like this:
you have an admin user with full rights to the network and an admin card to connect with, using this admin
you request a new identity, this gives you the required certificates, both public and private
you create a network card for this new identity using the certificates. This results in a physical .card file on disk
you import the physical file and you have a properly registered card and can now interact with the ledger, using this new identity.
if anything happens to the card itself, ie you deleted the registered card and got rid of the file as well, then you need to go through the process and recreate the card from scratch.
your commands could look like this:
composer identity request -c PeerAdmin@hlfv1 -u admin -s adminpw -d alice
this requests everything for a new user called alice, using the peer admin card which is created against the original network admin
composer card create -p your_connection.json -u alice -n your-network -c alice/admin-pub.pem -k alice/admin-priv.pem
this creates the card file
composer card import -f alice@your-network.card
this imports the card
composer network ping -c alice@your-network
check everything works
so, if you no longer have a registered card, you should still have the .card file and if you have that you can simply import it again.
if you don't have the .card file either, you should still have the certificates for "alice" and should be able to create the .card file
if you don't have the certs either then request them again ( I've never tried this particular scenario so we need to see what happens in that case )

Setting "Credentials set" for hyperledger Composer card

What are the steps to create a card with credentials as "Credentials set" in Hyperledger Composer?
You can do so in Playground -> https://hyperledger.github.io/composer/latest/playground/id-cards-playground#manually-creating-a-business-network-card
From the CLI -> https://hyperledger.github.io/composer/latest/managing/id-cards-playground#creating-a-business-network-card-from-component-files
Programmatically - as shown by the example here -> https://github.com/hyperledger/composer-knowledge-wiki/blob/latest/knowledge.md#card-api-errors--resolutions - see the section from the line
https://github.com/hyperledger/composer-knowledge-wiki/blob/latest/knowledge.md#card-api-errors--resolutions
onwards.
The important thing is that if you're using an enrol secret, you should connect() or ping the network first, so that the identity is activated and its credentials (certificate/key) can be downloaded to 'his/her' wallet (from where it can be exported and shared if that is the requirement). You can use it in Playground, or export it (eg. for importing into the REST API wallet, when interacting with the business network from the Composer REST APIs)
