How do I generate the client certfile and key file with fabric-ca?

Time: 2018-02-08 08:18:58

Tags: hyperledger-fabric

fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml
  

Error: POST failure [Post https://localhost:7054/enroll: x509: certificate is valid for example.com, not localhost]; not sending

fabric-ca-client-config.yaml

tls:
  enabled: true
  certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
  client:
    certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
    keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key

docker-compose.yaml

ca.org1.example.com:
  image: hyperledger/fabric-ca
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
    - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
    - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
  ports:
    - "7054:7054"
  command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
  volumes:
    - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
  container_name: ca.org1.example.com
  

fabric-ca-client

fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml
  

Error: POST failure [Post https://example.com:7054/enroll: x509: certificate signed by unknown authority]; not sending

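1 Answer:

Answer 0: (score: 0)

The problem here is that the TLS server certificate being used by fabric-ca-server was issued for "example.com", and you are trying to access it as "localhost".

You can

  • disable TLS for fabric-ca-server in order to move forward
  • create a new TLS certificate for fabric-ca-server that is valid for localhost (I believe that when fabric-ca-server auto-generates its TLS certificate, it should be valid for localhost)
  • add an entry to your hosts file that maps "example.com" to 127.0.0.1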