Ibm cloud: How to generate certificates for a new peer in an organization in Hyperledger Fabric 1.0
I am using the Hyperledger Fabric 1.0 fabric-sdk-node tutorial (https://github.com/Hyperledger/Fabric-sdk-node/test).
I have set up two organizations, each with 1 peer (peer0 in org1 and peer2 in org2).
My requirement is to add one more peer to each organization (peer1 in Org1 and peer3 in Org2).
I think I need to create peer1 and peer3 folders in the \tls folder and place some ".pem" files in them.
Example:
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer1"
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer3"
"ca-cert.pem"
"cert.pem"
"key.pem"
I also need to create the admincerts, cacerts, keystore and signcerts folders, with the corresponding ".pem" files for each peer, in the folders below:
"fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\peer1.org1.example.com"
"fabric-sdk-node/test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer3.org2.example.com"
Could you please help me with the steps to generate these certificate files and register these new peers with the network?
I have tried to register and enroll peer1 using the CA client:
fabric-ca-client register --id.name peer3 --id.type peer --id.affiliation org1.department1 --id.secret peer3pw
fabric-ca-client enroll -u http://peer3:peer3pw@localhost:7054 -M $FABRIC_CA_HOME/msp
But I get the error:
2017/05/03 09:18:30 http: TLS handshake error from [::1]:55890: tls: oversized record received with length 21536
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53220: tls: first record does not look like a TLS handshake
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53221: tls: first record does not look like a TLS handshake
2017/05/03 09:20:25 http: TLS handshake error from [::1]:55891: tls: oversized record received with length 21536
I followed the steps below to add a new peer in org1:
1) In the CA container (ca_peerOrg1)
I am getting the error:
Post failure [Post http://localhost:7054/enroll : malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"] ; not sending
2) I replaced the hostname with the container id (e2598895c822) when executing the command, but still got the same error.
3) Error in the ca_peerOrg1 container logs:
error : ca_peerOrg1 | 2017/05/03 11:43:02 http: TLS handshake error from [::1]:55913: tls: oversized record received with length 21536
4) I observed that the docker-compose yaml file starts the ca_peerOrg1 container with the command tag (sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/464d550fe9bf9e7d8976cdf59d5d472598f54058c354617c5c5fb0ddfd6e_sk -b admin:adminpw' -d)
I added a CA server definition to the docker compose file with the command tag (sh -c 'fabric-ca-server start -b admin:adminpw'), as shown below:
fabric-ca-server:
  image: hyperledger/fabric-ca
  container_name: fabric-ca-server
  ports:
    - "9054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "/fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'
5) Then I logged in to the fabric-ca-server container and executed the following commands:
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp
And this time it was successful. And MSP folder got created (with cacert,keystore,signcerts) in container.
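6) Since I am trying to add a peer in org1, I logged in to the container ca_peerOrg1 again
and used the commands below to get the certificates from the fabric-ca-server: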
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client getcacert -u http://2f67d7031c3f:7054 -M $FABRIC_CA_CLIENT_HOME/msp
And observed that msp folder got imported to ca_peerOrg1.
7) In hyperledger\fabric-sdk-node\test\fixtures\tls\peers\
and copied the newly created cacert, keystore and signcerts folders with the certificates. And renamed /cacert/3002372bba75.pem to /cacert/ca-cert.pem
I copied the admincerts folder from the peer0 folder.
8) Also created a folder "peer1.org1.example.com" in "\hyperledger\fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\" and copied the cacert, keystore, signcerts and admincerts folders into it.
9) Updated /hyperledger/fabric-sdk-node/test/integration/e2e/config.json with a peer2 entry in org1:
{
  "test-network": {
    "orderer": {
      "url": "grpcs://localhost:7050",
      "server-hostname": "orderer0",
      "tls_cacerts": "../../fixtures/tls/orderer/ca-cert.pem"
    },
    "org1": {
      "name": "peerOrg1",
      "mspid": "Org1MSP",
      "ca": "https://localhost:7054",
      "peer1": {
        "requests": "grpcs://localhost:7051",
        "events": "grpcs://localhost:7053",
        "server-hostname": "peer0",
        "tls_cacerts": "../../fixtures/tls/peers/peer0/ca-cert.pem"
      },
      "peer2": {
        "requests": "grpcs://localhost:9051",
        "events": "grpcs://localhost:9053",
        "server-hostname": "peer1",
        "tls_cacerts": "../../fixtures/tls/peers/peer1/ca-cert.pem"
      }
    },
    "org2": {
      "name": "peerOrg2",
      "mspid": "Org2MSP",
      "ca": "https://localhost:8054",
      "peer1": {
        "requests": "grpcs://localhost:8051",
        "events": "grpcs://localhost:8053",
        "server-hostname": "peer2",
        "tls_cacerts": "../../fixtures/tls/peers/peer2/ca-cert.pem"
      }
    }
  }
}
10) Created one more docker file, "docker-compose_peer1.yaml", which contains only peer1's details,
and started docker compose; now these containers are up (ca_peerOrg2, ca_peerOrg1, orderer0, couchdb, peer2, peer0, peer1, fabric-ca-server).
11) Executed the commands below and they failed:
cd /hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/test/integration/e2e
node create-channel.js
node join-channel.js
routines:ssl3_get_server_certificate:certificate verify failed.
events.js:160
throw er; // Unhandled 'error' event
^
Error: Connect Failed
at ClientDuplexStream._emitStatusIfDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:201:19)
at ClientDuplexStream._readsDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:
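Could you help me know whether the steps I have followed are correct? Please help me add the new peers.
The error "tls: oversized record received with length 21536" occurs when you specify "http" in the URL for fabric-ca-client but the fabric-ca-server was started with TLS enabled and is therefore listening on "https".
However, since it works with http in fabric-ca-client when you are logged in to the container but not on your host, I am guessing that another instance of fabric-ca-server is running on your host with TLS enabled.
To generate crypto material for a new peer (using), you need to edit the crypto-config.yaml file and then execute: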
cryptogen extend --config=./crypto-config.yaml
You can find the full guide at:
Did you solve it? I have the same problem.
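The http/https mismatch described in the first answer can be read directly from the bytes in the question. This is an added example, not code from the original posts or from the Fabric project: the function names are hypothetical and the request line is constructed, while the seven response bytes are the ones quoted in the "malformed HTTP response" error.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// maxCiphertext is the largest record body TLS 1.2 permits (2^14 + 2048).
const maxCiphertext = 16384 + 2048

// header reads a 5-byte TLS record header: type, version, length.
func header(b []byte) (typ byte, vers, length uint16, ok bool) {
	if len(b) < 5 {
		return 0, 0, 0, false
	}
	return b[0], binary.BigEndian.Uint16(b[1:3]), binary.BigEndian.Uint16(b[3:5]), true
}

// ServerView: what a TLS listener makes of the first bytes a client sent.
func ServerView(first []byte) string {
	typ, vers, n, ok := header(first)
	switch {
	case !ok:
		return "too short to classify"
	case typ == 22 && vers>>8 == 3: // 22 = handshake, major version 3
		return "TLS handshake record"
	case int(n) > maxCiphertext:
		return fmt.Sprintf("not TLS: oversized record length %d", n)
	}
	return "not TLS: first record is not a handshake"
}

// ClientView: what a plain-HTTP client got back instead of "HTTP/1.1 ...".
func ClientView(resp []byte) string {
	names := map[byte]string{10: "unexpected_message", 22: "record_overflow"}
	typ, _, n, ok := header(resp)
	if !ok || typ != 21 || n != 2 || len(resp) < 7 { // 21 = alert record
		return "not a TLS alert"
	}
	return fmt.Sprintf("TLS alert: level=%d description=%d (%s)", resp[5], resp[6], names[resp[6]])
}

func main() {
	// Constructed request line: what an http:// enroll call puts on the wire.
	fmt.Println(ServerView([]byte("POST /enroll HTTP/1.1\r\n")))
	// Bytes quoted in the question's "malformed HTTP response" error.
	fmt.Println(ClientView([]byte("\x15\x03\x01\x00\x02\x02\x16")))
}
```

The length 21536 is 0x5420, the ASCII bytes "T" and space from "POST " read as a record length, and the client's "malformed" response is the server's fatal record_overflow alert. Both messages therefore indicate a wrong URL scheme, not a bad certificate.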