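I am using the Hyperledger Fabric 1.0 fabric-node-sdk tutorial (https://github.com/hyperledger/fabric-sdk-node/test).
I have set up two organizations with one peer each (peer0 in org1 and peer2 in org2).
My requirement is to add one more peer to each organization (peer1 in Org1 and peer3 in Org2).
I believe I need to create peer1 and peer3 folders in the \tls folder and place some ".pem" files in them,
for example:
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer1"
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer3"
"ca-cert.pem"
"cert.pem"
"key.pem"
I also need to create the admincerts, cacerts, keystore and signcerts folders, with the ".pem" files for the corresponding peers, in the following folders:
"fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\peer1.org1.example.com"
"fabric-sdk-node/test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer3.org2.example.com"
Could you please help me understand the steps to generate these certificate files and register these new peers with the network?
I tried to register and enroll a peer to peerOrg1 with the CA client: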
fabric-ca-client register --id.name peer3 --id.type peer --id.affiliation org1.department1 --id.secret peer3pw
fabric-ca-client enroll -u http://peer3:peer3pw@localhost:7054 -M $FABRIC_CA_HOME/msp
But I got these errors:
2017/05/03 09:18:30 http: TLS handshake error from [::1]:55890: tls: oversized record received with length 21536
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53220: tls: first record does not look like a TLS handshake
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53221: tls: first record does not look like a TLS handshake
2017/05/03 09:20:25 http: TLS handshake error from [::1]:55891: tls: oversized record received with length 21536
I followed the steps below to add a new peer in org1:
1) In the CA container (ca_peerOrg1):
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp
I am getting the error:
Post failure [Post http://localhost:7054/enroll : malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"] ; not sending
2) I replaced the hostname with the container ID (e2598895c822) when running the commands and still got the same error.
3) Error in the ca_peerOrg1 container log:
error : ca_peerOrg1 | 2017/05/03 11:43:02 http: TLS handshake error from [::1]:55913: tls: oversized record received with length 21536
4) I observed that the docker compose yaml file starts the ca_peerOrg1 container with the command tag (sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/464d550fe9bf9e7d8976cdf59d1a5d472598f54c058c3546317c5c5fb0ddfd6e_sk -b admin:adminpw' -d).
I added a CA server entry to the docker compose file with the command tag (sh -c 'fabric-ca-server start -b admin:adminpw'):
fabric-ca-server:
  image: hyperledger/fabric-ca
  container_name: fabric-ca-server
  ports:
    - "9054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'
5) Then I logged in to the fabric-ca-server container and executed the commands below:
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp
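This time it was successful, and the MSP folder got created (with cacert, keystore, signcerts) in the container.
6) Since I am trying to add a peer in org1, I logged in to the ca_peerOrg1 container again and obtained the certificate from fabric-ca-server with the following commands: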
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client getcacert -u http://2f67d7031c3f:7054 -M $FABRIC_CA_CLIENT_HOME/msp
I observed that the msp folder got imported to ca_peerOrg1.
7) Created a folder peer1 in hyperledger\fabric-sdk-node\test\fixtures\tls\peers\ and copied the newly created cacert, keystore and signcerts folders with the certificates into it, and renamed /cacert/3002372bba75.pem to /cacert/ca-cert.pem. The admincerts folder I copied from the peer0 folder.
8) Also created a folder "peer1.org1.example.com" in "\hyperledger\fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\" and copied the cacert, keystore, signcerts and admincerts folders into it.
9) Updated /hyperledger/fabric-sdk-node/test/integration/e2e/config.json with a peer2 entry in org1:
{
  "test-network": {
    "orderer": {
      "url": "grpcs://localhost:7050",
      "server-hostname": "orderer0",
      "tls_cacerts": "../../fixtures/tls/orderer/ca-cert.pem"
    },
    "org1": {
      "name": "peerOrg1",
      "mspid": "Org1MSP",
      "ca": "https://localhost:7054",
      "peer1": {
        "requests": "grpcs://localhost:7051",
        "events": "grpcs://localhost:7053",
        "server-hostname": "peer0",
        "tls_cacerts": "../../fixtures/tls/peers/peer0/ca-cert.pem"
      },
      "peer2": {
        "requests": "grpcs://localhost:9051",
        "events": "grpcs://localhost:9053",
        "server-hostname": "peer1",
        "tls_cacerts": "../../fixtures/tls/peers/peer1/ca-cert.pem"
      }
    },
    "org2": {
      "name": "peerOrg2",
      "mspid": "Org2MSP",
      "ca": "https://localhost:8054",
      "peer1": {
        "requests": "grpcs://localhost:8051",
        "events": "grpcs://localhost:8053",
        "server-hostname": "peer2",
        "tls_cacerts": "../../fixtures/tls/peers/peer2/ca-cert.pem"
      }
    }
  }
}
10) Created one more docker file, "docker-compose_peer1.yaml", containing only the peer1 details, and started docker compose. These containers are now up (ca_peerOrg2, ca_peerOrg1, orderer0, couchdb, peer2, peer0, peer1, fabric-ca-server).
11) Executed the commands below, and they failed:
cd /hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/test/integration/e2e
node create-channel.js
node join-channel.js
routines:ssl3_get_server_certificate:certificate verify failed.
events.js:160
throw er; // Unhandled 'error' event
^
Error: Connect Failed
at ClientDuplexStream._emitStatusIfDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:201:19)
at ClientDuplexStream._readsDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:
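Could you please help me know whether the steps I followed are correct? Please help me add the new peers.
Answer 0 (score: 2)
The error "tls: oversized record received with length 21536" occurs when you specify "http" in the fabric-ca-client URL but fabric-ca-server was started with TLS enabled and is therefore listening on "https". However, since using http with fabric-ca-client worked when logged in to the container but not on the host, my guess is that another fabric-ca-server instance is running on the host with TLS enabled.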
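The numbers in these errors can be reproduced by hand. The following added example (not part of the original answer; the function names are illustrative) reads the first bytes of a plaintext HTTP request as a TLS record header, which is what a TLS listener does, and decodes the seven bytes the client reported as a "malformed HTTP response":

```python
import struct

# Added example; these names are illustrative and not part of fabric-ca.
MAX_CIPHERTEXT = 2**14 + 2048  # largest record length TLS 1.2 permits (RFC 5246, 6.2.3)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {10: "unexpected_message", 22: "record_overflow",
                      40: "handshake_failure", 70: "protocol_version"}


def read_as_record_header(data: bytes) -> dict:
    """Parse the first five bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("a TLS record header is five bytes")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    return {"type": content_type, "version": version, "length": length,
            "oversized": length > MAX_CIPHERTEXT}


def parse_alert(data: bytes) -> dict:
    """Decode a complete TLS alert record (content type 0x15, two-byte body)."""
    header = read_as_record_header(data)
    if header["type"] != 0x15 or header["length"] != 2 or len(data) < 7:
        raise ValueError("not a complete TLS alert record")
    level, description = data[5], data[6]
    return {"level": ALERT_LEVELS.get(level, str(level)),
            "description": ALERT_DESCRIPTIONS.get(description, str(description))}


def is_tls_alert_on_plain_http(response_start: bytes) -> bool:
    """True when bytes received on an http:// connection are a TLS alert, not HTTP."""
    if response_start.startswith(b"HTTP/"):
        return False
    try:
        parse_alert(response_start)
    except ValueError:
        return False
    return True


# Constructed input: the start of a plaintext enroll request, and the reply
# bytes quoted in the client's "malformed HTTP response" error.
PLAIN_REQUEST = b"POST /enroll HTTP/1.1\r\n"
CLIENT_SAW = b"\x15\x03\x01\x00\x02\x02\x16"

if __name__ == "__main__":
    print(read_as_record_header(PLAIN_REQUEST))  # "T " read as a length is 21536
    print(parse_alert(CLIENT_SAW))               # fatal record_overflow
    print(is_tls_alert_on_plain_http(CLIENT_SAW))
```

The ASCII bytes "T " at the end of "POST " are 0x54 0x20, which read as a 16-bit record length give exactly 21536. With an http:// URL the request, including the enrollment ID and secret, is written to the socket unencrypted before the server rejects it.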
Answer 1 (score: 0)
To generate crypto material for the new peer (using cryptogen extend), you need to edit the crypto-config.yaml file and then run:
cryptogen extend --config=./crypto-config.yaml
You can find the complete guide at