Error endorsing query: rpc error: code = Unknown desc = access denied: channel [mychannel] creator org [Org1MSP] - <nil>


(Saeedi) #1

@varun Hi guys, i have followed steps provided in this article here After few changes i was able to successfully deploy network and finally installed and query chaincode. Everything is working fine until i need to restart machine.After restarting and again executing command, it produces following error.

docker exec hlf_services_cli.1.4fam0scwie0z0xouegefecd0f peer chaincode query -o orderer0.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n simple -c ‘{“Args”:[“query”,“b”]}’
2018-11-08 12:59:40.853 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-11-08 12:59:40.856 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-11-08 12:59:40.856 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 003 Using default escc
2018-11-08 12:59:40.856 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 004 Using default vscc
2018-11-08 12:59:40.856 UTC [chaincodeCmd] getChaincodeSpec -> DEBU 005 java chaincode disabled
2018-11-08 12:59:40.882 UTC [msp/identity] Sign -> DEBU 006 Sign: plaintext: 0AA9070A6908031A0C08BCE690DF0510…6D706C651A0A0A0571756572790A0162
2018-11-08 12:59:40.895 UTC [msp/identity] Sign -> DEBU 007 Sign: digest: 7403A08E1EB8AC424843388F59BC1674C1EEA6BCB171F8E0AB7361E8A403FD15
Error: Error endorsing query: rpc error: code = Unknown desc = access denied: channel [mychannel] creator org [Org1MSP] -
Usage:


(Varun Raj) #2

After you restarted the machine, make sure if all the docker containers are back. If they are running, try checking if the peers have joined the channel with peer channel list command in peer container.


(Saeedi) #3

@varun Containers are back online but with different names, for example previously it was

hlf_services_cli.1.4fam0scwie0z0xouegefecd0f

and now it is

hlf_services_cli.1.p7yunlcywpbi3r2q7qi86q42v

and the peer hasn’t joined channel previously created. So i started from scratch and created channel and followed all the previous steps that were followed on newly created docker swarm.
Does it mean i need to start from scratch everytime physical machine restarts or loses power ?
Does the network is meant to be deployed on cloud ? Or can we make changes in restart policy or anything else to make it preserve the data regarding channel, chaincode etc?


(Varun Raj) #4

Actually even I faced this issue, when I restarted or accidentally killed one of the peers the channel config is missing the next time. I think this is because of some data not stored in the volumes.

Anyways deploying it in cloud is one of the best solution as we dont have to worry a lot of about the infrastructure.


(Saeedi) #5

@varun Oh okay. Then cloud deployment it is. And one more question, what changes should be made in configuration.json in case of deploying hyperledger composer over it? I know how to do it in case of multi nodes but having confusions where deployment is done using kafka with docker swarm. TIA


(Varun Raj) #6

You don’t have to do any major changes to configuration in terms of Fabric. But when you deploy a composer peer admin card, create it with the connection profile that has information about the entire network, Also make sure you map the right ip address.


(Saeedi) #7

Thanks :slight_smile:
But one last question for now :smile: will composer profile also contain information about kafka and zookeeper ? I think it should but i am not sure as i haven’t done that before


(Varun Raj) #8

Welcome :slight_smile:
No, it will contain only where the orderers are as they are the distributors for the transactions. Orderers will have the configuration and connection to kafka.


(Saeedi) #9

Oh okay got it. Thanks a lot for all the help :slight_smile:


(Varun Raj) #10

No problem :slight_smile: happy to help.


(Saeedi) #11

I am following tutorialhere.
And i am on step 15 Retrieving business network administrator certificates for Org1
This is the error that is being produced,

lubuntu@lpeer1:~$ composer identity request -c PeerAdmin@byfn-network-org1 -u admin -s adminpw -d aliceError: failed to request identity. Error trying to enroll user and return certificates. Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139825555093312:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:…/deps/openssl/openssl/ssl/s23_clnt.c:827:
]
Command failed


(Varun Raj) #12

Have you enabled grpcs or grpc in your connection profile? This is a security handshake error.


(Saeedi) #13

it is using grpcs i.e.

peer0.org2.example.com": {
“url”: “grpcs://192.168.11.132:9051”,
“grpcOptions”: {
“ssl-target-name-override”: “peer0.org2.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICSjCCAfCgAwIBAgIRANNWFA8kKCq34eFYgV4MV28wCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs\nc2NhLm9yZzIuZXhhbXBsZS5jb20wHhcNMTgwODIzMTMyOTIyWhcNMjgwODIwMTMy\nOTIyWjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE\nBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEfMB0G\nA1UEAxMWdGxzY2Eub3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABDFX1AkZQXCXm/Bmgwrk1kRyYCK03IOzsMDOaQyS6g84Shf4PXMm2QzP\naoBaYGQQm1caFvHM3T49oBiAn5ADtRCjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV\nHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEINpJaKJudXp5\nuL9SoHQz9suYZp3jJpiWWf8f2WZQ9HzHMAoGCCqGSM49BAMCA0gAMEUCIQC68lfi\nAsrPbuea63Ki9zLe0UpE9BA4oP8mjeX5PQMHaAIgPe3vvc/LpIox2AcJ94vryjkR\nb979Cny+kNqSINWFO50=\n-----END CERTIFICATE-----\n”
}


(Varun Raj) #14

Can you check if the request is hitting the CA server by seeing the logs?


(Saeedi) #15

docker logs hlf_services_ca_org1.1.fhe9i3sfudbrxpjd9oaezltxm

2018/11/15 07:16:45 [DEBUG] Initialized DB identity registry
2018/11/15 07:16:45 [DEBUG] DB: Get properties [identity.level affiliation.level certificate.level]
2018/11/15 07:16:45 [DEBUG] Checking database levels ‘map[affiliation.level:0 certificate.level:0 identity.level:0]’ against server levels ‘&{Identity:1 Affiliation:1 Certificate:1}’
2018/11/15 07:16:45 [DEBUG] Loading identity table
2018/11/15 07:16:45 [DEBUG] Loading identity ‘admin’
2018/11/15 07:16:45 [DEBUG] DB: Getting identity admin
2018/11/15 07:16:46 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
2018/11/15 07:16:46 [DEBUG] DB: Add identity admin
2018/11/15 07:16:46 [DEBUG] Successfully added identity admin to the database
2018/11/15 07:16:46 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1 hf.Registrar.Roles:peer,orderer,client,user hf.Registrar.DelegateRoles:peer,orderer,client,user] }
2018/11/15 07:16:46 [DEBUG] Successfully loaded identity table
2018/11/15 07:16:46 [DEBUG] Loading affiliations table
2018/11/15 07:16:46 [DEBUG] DB: Add affiliation org1
2018/11/15 07:16:46 [DEBUG] Affiliation ‘org1’ added
2018/11/15 07:16:46 [DEBUG] DB: Add affiliation org1.department1
2018/11/15 07:16:46 [DEBUG] Affiliation ‘org1.department1’ added
2018/11/15 07:16:46 [DEBUG] DB: Add affiliation org1.department2
2018/11/15 07:16:46 [DEBUG] Affiliation ‘org1.department2’ added
2018/11/15 07:16:46 [DEBUG] DB: Add affiliation org2
2018/11/15 07:16:46 [DEBUG] Affiliation ‘org2’ added
2018/11/15 07:16:46 [DEBUG] DB: Add affiliation org2.department1
2018/11/15 07:16:46 [DEBUG] Affiliation ‘org2.department1’ added
2018/11/15 07:16:46 [DEBUG] Successfully loaded affiliations table
2018/11/15 07:16:46 [DEBUG] Checking and performing migration, if needed
2018/11/15 07:16:46 [DEBUG] Updating database level to &{Identity:1 Affiliation:1 Certificate:1}
2018/11/15 07:16:46 [INFO] Initialized sqlite3 database at /etc/hyperledger/fabric-ca-server/fabric-ca-server.db
2018/11/15 07:16:46 [DEBUG] Initializing enrollment signer
2018/11/15 07:16:46 [DEBUG] No key found in BCCSP keystore, attempting fallback
2018/11/15 07:16:46 [DEBUG] validating configuration
2018/11/15 07:16:46 [DEBUG] validate local profile
2018/11/15 07:16:46 [DEBUG] profile is valid
2018/11/15 07:16:46 [DEBUG] validate local profile
2018/11/15 07:16:46 [DEBUG] profile is valid
2018/11/15 07:16:46 [DEBUG] validate local profile
2018/11/15 07:16:46 [DEBUG] profile is valid
2018/11/15 07:16:46 [DEBUG] CA initialization successful
2018/11/15 07:16:46 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2018/11/15 07:16:46 [DEBUG] 1 CA instance(s) running on server
2018/11/15 07:16:46 [INFO] Listening on http://0.0.0.0:7054


(Varun Raj) #16

Yes I think the CA server is not reachable due to some certificate issue. Please check if you use correct certs to generate the Peer Admin Card.


(Saeedi) #17

Okay let me take a look at it.
But is my config file correct ?

{
“name”: “saeedi”,
“x-type”: “hlfv1”,
“version”: “1.0.0”,
“client”: {
“organization”: “Org1”,
“connection”: {
“timeout”: {
“peer”: {
“endorser”: “300”,
“eventHub”: “300”,
“eventReg”: “300”
},
“orderer”: “300”
}
}
},
“channels”: {
“mychannel”: {
“orderers”: [
orderer0.example.com”,
orderer1.example.com
],
“peers”: {
peer0.org1.example.com”: {
“endorsingPeer”: true,
“chaincodeQuery”: true,
“eventSource”: true
},
peer1.org1.example.com”: {
“endorsingPeer”: true,
“chaincodeQuery”: true,
“eventSource”: true
},
peer0.org2.example.com”: {
“endorsingPeer”: true,
“chaincodeQuery”: true,
“eventSource”: true
},
peer1.org2.example.com”: {
“endorsingPeer”: true,
“chaincodeQuery”: true,
“eventSource”: true
}
}
}
},
“organizations”: {
“Org1”: {
“mspid”: “Org1MSP”,
“peers”: [
peer0.org1.example.com”,
peer1.org1.example.com
],
“certificateAuthorities”: [
ca.org1.example.com
]
},
“Org2”: {
“mspid”: “Org2MSP”,
“peers”: [
peer0.org2.example.com”,
peer1.org2.example.com
],
“certificateAuthorities”: [
ca.org2.example.com
]
}
},
“orderers”: {
orderer0.example.com”: {
“url”: “grpc://localhost:7050”,
“grpcOptions”: {
“ssl-target-name-override”: “orderer0.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICNTCCAdugAwIBAgIQfwZ7nL098nQ6lprLT2x6CTAKBggqhkjOPQQDAjBsMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4\nYW1wbGUuY29tMB4XDTE4MDgyMzEzMjkyM1oXDTI4MDgyMDEzMjkyM1owbDELMAkG\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu\nY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5leGFt\ncGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJvbPUbwFxFmQiMrg2so\nwuXj8Ia888TzVtVeujRDD1r5l6+B3RSqwZSl23WOQZURp/MUoeZ48imsQsw2mEZV\nAsmjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB\n/wQFMAMBAf8wKQYDVR0OBCIEIFuNvpLd5RH0p0q8jx8LT4qEfzZp7tdO0UNBYDz3\nGnovMAoGCCqGSM49BAMCA0gAMEUCIQDHLHYzcWzLLhmmAVzUZA4fOnNLhit8z14p\nLmTBhfeS4AIgWqMRTOi8wDXMtC9/CdnC1lOliJKswfP0/Ai2+UCozPY=\n-----END CERTIFICATE-----\n”
}
},
orderer1.example.com”: {
“url”: “grpc://192.168.11.132:7050”,
“grpcOptions”: {
“ssl-target-name-override”: “orderer1.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICNTCCAdugAwIBAgIQfwZ7nL098nQ6lprLT2x6CTAKBggqhkjOPQQDAjBsMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4\nYW1wbGUuY29tMB4XDTE4MDgyMzEzMjkyM1oXDTI4MDgyMDEzMjkyM1owbDELMAkG\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu\nY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5leGFt\ncGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJvbPUbwFxFmQiMrg2so\nwuXj8Ia888TzVtVeujRDD1r5l6+B3RSqwZSl23WOQZURp/MUoeZ48imsQsw2mEZV\nAsmjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB\n/wQFMAMBAf8wKQYDVR0OBCIEIFuNvpLd5RH0p0q8jx8LT4qEfzZp7tdO0UNBYDz3\nGnovMAoGCCqGSM49BAMCA0gAMEUCIQDHLHYzcWzLLhmmAVzUZA4fOnNLhit8z14p\nLmTBhfeS4AIgWqMRTOi8wDXMtC9/CdnC1lOliJKswfP0/Ai2+UCozPY=\n-----END CERTIFICATE-----\n”
}
}
},
“peers”: {
peer0.org1.example.com”: {
“url”: “grpc://localhost:7051”,
“grpcOptions”: {
“ssl-target-name-override”: “peer0.org1.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICSTCCAe+gAwIBAgIQa/OwKRdbRy9EKOY/FWbLzDAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODA4MjMxMzI5MjJaFw0yODA4MjAxMzI5\nMjJaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEKl+kVSFHk1sEC3bgxzKf/PdtP30Vxr3mSGggWp35rOoDpLSuPoZ5WOoH\nAodWzEQByX+E/Os6A0ERLP5VKqUZC6NfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgbkru/Jd2Z+Zi\nON0tgdQQVcKknBXBbahVI1JlSKi5NTwwCgYIKoZIzj0EAwIDSAAwRQIhAOF/YszG\nGlbllTSfccFp6hwjyjk4yiQ0gP1dsF1q0SfHAiAvtnnQBOspIl7AO+O0OPuZ6+Es\nENBQMvBfHQvUlKv8xQ==\n-----END CERTIFICATE-----\n”
}
},
peer1.org1.example.com”: {
“url”: “grpc://localhost:8051”,
“grpcOptions”: {
“ssl-target-name-override”: “peer1.org1.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICSTCCAe+gAwIBAgIQa/OwKRdbRy9EKOY/FWbLzDAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5leGFtcGxlLmNvbTAeFw0xODA4MjMxMzI5MjJaFw0yODA4MjAxMzI5\nMjJaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEKl+kVSFHk1sEC3bgxzKf/PdtP30Vxr3mSGggWp35rOoDpLSuPoZ5WOoH\nAodWzEQByX+E/Os6A0ERLP5VKqUZC6NfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgbkru/Jd2Z+Zi\nON0tgdQQVcKknBXBbahVI1JlSKi5NTwwCgYIKoZIzj0EAwIDSAAwRQIhAOF/YszG\nGlbllTSfccFp6hwjyjk4yiQ0gP1dsF1q0SfHAiAvtnnQBOspIl7AO+O0OPuZ6+Es\nENBQMvBfHQvUlKv8xQ==\n-----END CERTIFICATE-----\n”
}
},
peer0.org2.example.com”: {
“url”: “grpc://192.168.11.132:9051”,
“grpcOptions”: {
“ssl-target-name-override”: “peer0.org2.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICSjCCAfCgAwIBAgIRANNWFA8kKCq34eFYgV4MV28wCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs\nc2NhLm9yZzIuZXhhbXBsZS5jb20wHhcNMTgwODIzMTMyOTIyWhcNMjgwODIwMTMy\nOTIyWjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE\nBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEfMB0G\nA1UEAxMWdGxzY2Eub3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABDFX1AkZQXCXm/Bmgwrk1kRyYCK03IOzsMDOaQyS6g84Shf4PXMm2QzP\naoBaYGQQm1caFvHM3T49oBiAn5ADtRCjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV\nHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEINpJaKJudXp5\nuL9SoHQz9suYZp3jJpiWWf8f2WZQ9HzHMAoGCCqGSM49BAMCA0gAMEUCIQC68lfi\nAsrPbuea63Ki9zLe0UpE9BA4oP8mjeX5PQMHaAIgPe3vvc/LpIox2AcJ94vryjkR\nb979Cny+kNqSINWFO50=\n-----END CERTIFICATE-----\n”
}
},
peer1.org2.example.com”: {
“url”: “grpc://192.168.11.132:10051”,
“grpcOptions”: {
“ssl-target-name-override”: “peer1.org2.example.com
},
“tlsCACerts”: {
“pem”: “-----BEGIN CERTIFICATE-----\nMIICSjCCAfCgAwIBAgIRANNWFA8kKCq34eFYgV4MV28wCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs\nc2NhLm9yZzIuZXhhbXBsZS5jb20wHhcNMTgwODIzMTMyOTIyWhcNMjgwODIwMTMy\nOTIyWjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE\nBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEfMB0G\nA1UEAxMWdGxzY2Eub3JnMi5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABDFX1AkZQXCXm/Bmgwrk1kRyYCK03IOzsMDOaQyS6g84Shf4PXMm2QzP\naoBaYGQQm1caFvHM3T49oBiAn5ADtRCjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV\nHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEINpJaKJudXp5\nuL9SoHQz9suYZp3jJpiWWf8f2WZQ9HzHMAoGCCqGSM49BAMCA0gAMEUCIQC68lfi\nAsrPbuea63Ki9zLe0UpE9BA4oP8mjeX5PQMHaAIgPe3vvc/LpIox2AcJ94vryjkR\nb979Cny+kNqSINWFO50=\n-----END CERTIFICATE-----\n”
}
}
},
“certificateAuthorities”: {
ca.org1.example.com”: {
“url”: “https://localhost:7054”,
“caName”: “ca-org1”,
“httpOptions”: {
“verify”: false
}
},
ca.org2.example.com”: {
“url”: “https://192.168.11.132:8054”,
“caName”: “ca-org2”,
“httpOptions”: {
“verify”: false
}
}
}
}


(Varun Raj) #18

Yes, I believe you missed to pass the TLS certs for Fabric CA, thats the reason it’s not hitting the server.


(Saeedi) #19

I am lost. :sweat_smile: Can you guide me on how to do so ?


(Varun Raj) #20
certificateAuthorities:
  ca.org1.example.com:
    url: http://localhost:8054
    httpOptions:
      verify: false
    tlsCACerts:
      path: crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
    registrar:
      - enrollId: admin
        enrollSecret: adminpw
    caName: ca.org1.example.com

This is from our fabric connection profile, try to replicate from this.