Ssl Hyperledger Fabric mutual TLS authentication results in orderer error: "tls: bad certificate"
Part of the values.yaml file used to provision the orderers and peers:
orderers:
  # cert/key pair generated by Letsencrypt for a single orderer
  # DNS name (e.g. ord0.network.example.com)
  # ORDERER_GENERAL_TLS_CERTIFICATE & ORDERER_GENERAL_TLS_PRIVATEKEY
  # mounted on /var/hyperledger/tls/server/pair/tls.crt
  # mounted on /var/hyperledger/tls/server/pair/tls.key
  tls: <k8s secret holding both tls.crt and tls.key>
  # ORDERER_GENERAL_TLS_ROOTCAS
  # mounted on /var/hyperledger/tls/server/cert/cert.pem
  tlsRootCert: <k8s holding the letsencrypt x3 cross-signed certificate>
  # ORDERER_GENERAL_TLS_CLIENTROOTCAS
  # same as tlsRootCert
  # mounted on /var/hyperledger/tls/client/cert/cert.pem
  tlsClientRootCert: <k8s holding the letsencrypt x3 cross-signed certificate>
  # cert/key generated by fabric-ca-client enroll for the
  # NON admin identity "ord0"
  # mounted on /var/hyperledger/msp/signcerts
  cert: ord0-idcert
  # mounted on /var/hyperledger/msp/keystore
  key: ord0-idkey
  # also generated by fabric-ca-client enroll for the
  # NON admin identity "ord0"
  # mounted on /var/hyperledger/admin_msp/cacerts/cert.pem
  caCert: ord-ca-cert
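When a command that involves communication with one of the orderers (i.e. ord0) is issued from within the peer0 pod, we get a bad certificate error:
Full peer channel join command: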
CORE_PEER_MSPCONFIGPATH=/var/hyperledget/admin_msp \
peer channel join -o ord0.network.example.com:443 \
-b /var/hyperledger/mychannel.block \
--tls \
--cafile /var/hyperledger/tls/server/cert/cert.pem \
--certfile /var/hyperledger/tls/server/cert/cert.pem \
--keyfile /var/hyperledger/tls/client/pair/tls.key \
--clientauth
Log lines from the orderer:
2019-07-03 14:04:09.717 UTC [core.comm] ServerHandshake -> ERRO 68c TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.3.97:43398
2019-07-03 14:04:09.717 UTC [grpc] handleRawConn -> DEBU 68d grpc: Server.Serve failed to complete security handshake from "10.0.3.97:43398": remote error: tls: bad certificate
2019-07-03 14:04:10.599 UTC [core.comm] ServerHandshake -> ERRO 68e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.3.97:43404
2019-07-03 14:04:10.599 UTC [grpc] handleRawConn -> DEBU 68f grpc: Server.Serve failed to complete security handshake from "10.0.3.97:43404": remote error: tls: bad certificate
2019-07-03 14:04:12.274 UTC [core.comm] ServerHandshake -> ERRO 690 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.3.97:43420
Note: 10.0.3.97 is the pod IP of the ingress controller.
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
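The command above passes the same file to `--cafile` and `--certfile` and takes `--keyfile` from a different directory, so a useful first check is whether the client certificate and key form a pair and whether that certificate chains to the bundle the orderer trusts for clients. The Go sketch below is an added example, not part of the original question or of Fabric's code; `CheckClientPair` and `Issue` are hypothetical names, and the certificates are constructed in memory rather than read from the paths in the post.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckClientPair: certPEM/keyPEM (--certfile/--keyfile) must be one key pair, and the
// certificate must chain to rootsPEM (ORDERER_GENERAL_TLS_CLIENTROOTCAS) for client auth.
func CheckClientPair(certPEM, keyPEM, rootsPEM []byte) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return fmt.Errorf("certfile and keyfile are not a pair: %w", err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // X509KeyPair already parsed it
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(rootsPEM) // an empty pool simply fails Verify below
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// Issue (hypothetical helper) makes a constructed test identity; a nil ca self-signs a CA.
func Issue(cn string, ca *tls.Certificate) (certPEM, keyPEM []byte, id *tls.Certificate) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	id = &tls.Certificate{PrivateKey: key, Leaf: tpl}
	if ca == nil {
		tpl.IsCA, tpl.KeyUsage, ca = true, x509.KeyUsageCertSign, id
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, ca.Leaf, key.Public(), ca.PrivateKey)
	id.Leaf, _ = x509.ParseCertificate(der)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder}), id
}

func main() {
	caPEM, _, ca := Issue("constructed-ca", nil)
	cliPEM, cliKey, _ := Issue("constructed-peer", ca)
	fmt.Println(CheckClientPair(cliPEM, cliKey, caPEM), CheckClientPair(caPEM, cliKey, caPEM))
}
```

To run the same check against real files, read the three PEM files with `os.ReadFile` and pass their contents to `CheckClientPair`.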