Question

fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml

错误：POST失败[发布https://localhost:7054/enroll：x509：证书对example.com有效，而不是localhost];不发送

织物-CA-客户config.yaml

TLS：

已启用：true

certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt

客户端：

certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key

搬运工-compose.yaml

ca.org1.example.com：

image: hyperledger/fabric-ca
environment:
  - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
  - FABRIC_CA_SERVER_TLS_ENABLED=true
  - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
  - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
ports:
  - "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
  - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com

织物-CA-客户端

fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml

错误：POST失败[发布https://example.com:7054/enroll：x509：由未知权限签名的证书];不发送

Answer 1

此处的问题是，Fabric-ca-server正在使用的TLS服务器证书是针对＆＃34; example.com＆＃34; 发出的，并且您尝试将其作为的＆＃34;本地主机＆＃34;

你可以

为fabric-ca-server禁用TLS以便继续前进

为fabric-ca-server创建了一个新的TLS证书，该证书对 localhost 有效（我相信当fabric-ca-server自动生成TLS证书时，它应该对localhost有效）< / LI>
在主机文件中添加一个条目，将＆＃34; example.com＆＃34; 映射到 127.0.0.1

fabric-ca如何生成客户端certfile和密钥文件？

1 个答案: