Hyperledger fabric Hyperledger结构节点sdk注册用户给我[错误:无法验证第一个证书]
我使用下面的代码注册用户,使用farbic node sdk。我得到了错误。我已经通过了json连接中的所有证书。我仍然面临着这个错误。任何人都可以推荐我。如何使用fabric node sdk使用tls [错误:无法验证第一个证书] connection.jsonHyperledger fabric Hyperledger结构节点sdk注册用户给我[错误:无法验证第一个证书],hyperledger-fabric,hyperledger,hyperledger-fabric-ca,Hyperledger Fabric,Hyperledger,Hyperledger Fabric Ca,我使用下面的代码注册用户,使用farbic node sdk。我得到了错误。我已经通过了json连接中的所有证书。我仍然面临着这个错误。任何人都可以推荐我。如何使用fabric node sdk使用tls [错误:无法验证第一个证书] connection.json { "name": "org-example", "version": "1.0.0", "client": { "organization": "Org1", "connection": { "ti
{
"name": "org-example",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
},
"orderer": "300"
}
}
},
"channels": {
"channelall": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.example.com"
],
"adminPrivateKey": {
"path": "/fabric-example/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/{adminkey}"
},
"signedCert": {
"path": "/fabric-example/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem"
}
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca1.example.com"
],
"adminPrivateKey": {
"path": "/fabric-example/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/{adminkey}"
},
"signedCert": {
"path": "/fabric-example/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem"
}
},
},
"orderers": {
"orderer.example.com": {
"url": "grpc://127.0.0.1:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"path":"fabric-example/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.org1.example.com-cert.pem"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://127.0.0.1:7051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
},
"tlsCACerts": {
"path": "/fabric-example/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
}
},
"peer0.org2.example.com": {
"url": "grpcs://127.0.0.1:8051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org2.example.com"
},
"tlsCACerts": {
"path": "/fabric-example/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
}
}
},
"certificateAuthorities": {
"ca.example.com": {
"url": "https://127.0.0.1:7054",
"tlsCACerts": {
"path": "/fabric-example/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"caName": "ca.example.com"
},
"ca2.example.com": {
"url": "https://127.0.0.1:8054",
"caName": "ca1.example.com",
"tlsCACerts": {
"path": "/fabric-example/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
}
}
}
}
注册用户
'use strict';
const { FileSystemWallet, Gateway, X509WalletMixin } = require('fabric-network');
const fs = require('fs');
const path = require('path');
const ccpPath = path.resolve(__dirname, '..', 'connection.json');
const ccpJSON = fs.readFileSync(ccpPath, 'utf8');
const ccp = JSON.parse(ccpJSON);
async function RegisterUser(user,password,roletype,affiliation) {
try {
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(),'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists(user);
if (userExists) {
console.log('An identity for the user already exists in the wallet');
return;
}
// Check to see if we've already enrolled the admin user.
const adminExists = await wallet.exists('admin');
if (!adminExists) {
console.log('An identity for the admin user "admin" does not exist in the wallet');
console.log('Run the enrollAdmin.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'admin',discovery: { enabled: false } });
// Get the CA client object from the gateway for interacting with the CA.
const ca = gateway.getClient().getCertificateAuthority();
const adminIdentity = gateway.getCurrentIdentity();
// Register the user, enroll the user, and import the new identity into the wallet.
const secret = await ca.register({enrollmentID:user, enrollmentSecret:password,role:roletype,affiliation:affiliation}, adminIdentity);
} catch (error) {
console.error(`Failed to register user : ${error}`);
process.exit(1);
}
}
您使用CA向订购方、对等方和用户提供MSP和TLS证书。它通常不提供自己的TLS证书(因为它最初需要在没有TLS的情况下启动) 我发现非常奇怪的是,您对CA和节点使用相同的
tlsCACerts
。您确定您的CA使用了那些TLSCAcert
?您通常为CA的TLS使用自签名证书(或来自第三方认可机构的证书)
你总是可以检查
openssl s_客户端-showcerts-connect 127.0.0.1:7054
……还有
opensslx509-text-noout-in/fabric-example/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
…并检查第一次SSL握手的证书是否为第二个证书(或由第二个证书签名)
您还可以检查CA的日志
编辑: 做:
echo | openssl s|u客户端-connect 127.0.0.1:7054 | sed-ne'/-开始证书-/,/-结束证书-/p'>ca1.pem
opensslx509-text-noout-in-ca1.pem
…并复制结果
也从…复制结果
opensslx509-text-noout-in/fabric-example/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
…因此,我们可以比较您正在使用的CA TLS证书和您信任的证书。我正在使用cryptogen工具为组织生成密钥对。CA没有Tls文件。我需要提供哪个文件{certificateAuthorities tlsCACerts}我在这里有点困惑。感谢您的重播,是否可以使用cryptogen工具生成自签名tls证书。您对
cryptogen
有某种固定。使用openssl
。