无法使用结构中的ca服务器生成的ca文件启动定购器

时间:2018-06-20 10:45:38

标签: hyperledger-fabric hyperledger-fabric-ca

我用Fabric-ca-sdk(fabric-sdk-java / fabric-sdk-java / src / test / fixture / sdkintegration)中的测试代码启动ca服务器,并使用fabric sdk注册订购者并获取来自响应的ca文件。然后将ca文件放入第一个网络演示中,并使用

  

docker-compose -f docker-compose-cli.yaml up -d

启动订单,但失败,日志为:

  

无法初始化本地MSP:提供的身份无效:x509:证书由未知授权机构签名(可能是由于尝试验证候选授权机构证书“ ca.example.com”时出现“ x509:ECDSA验证失败”)< / p>

我使用openssl检查ca服务器生成的pem文件,该文件没有任何问题。如果您知道有关的原因,请帮助我 题。非常感谢。 ca.example.com-cer.pem的文件信息如下:

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        03:b1:1d:83:1e:86:57:f6:8f:0c:e1:d1:e9:84:14:0d
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Feb 25 12:43:29 2018 GMT
        Not After : Feb 23 12:43:29 2028 GMT
    Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:8f:70:81:96:e6:4c:c7:f5:c0:38:2d:4f:aa:35:
                ea:1f:00:f5:a9:cd:93:69:44:93:ac:d2:89:34:e7:
                ca:b1:73:34:3c:c3:28:3e:43:71:79:9b:a4:ce:5b:
                e2:a6:57:6d:53:cf:9f:5d:52:c0:81:a7:73:a5:d8:
                be:8e:6f:a8:3f
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
        X509v3 Extended Key Usage: 
            2.5.29.37.0
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier: 
            19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92
Signature Algorithm: ecdsa-with-SHA256
    30:44:02:20:6a:f2:74:ab:b3:2c:fe:ff:20:2d:d9:fa:b9:3a:
    54:46:43:cd:a7:f7:78:ff:a3:de:e2:7c:c0:b3:e5:6f:76:e8:
    02:20:50:47:1d:ba:50:64:a3:a0:06:fc:70:a8:bc:95:2c:08:
    5a:91:c5:e6:d2:b0:99:43:2e:52:fb:dd:e2:51:5a:d6

,orderer.example.com-cert.pem文件为:

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        2c:35:e7:3e:37:73:08:80:18:66:47:df:34:63:dc:0b:f4:44:b0:c0
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Jun 20 09:02:00 2018 GMT
        Not After : Jun 20 09:07:00 2019 GMT
    Subject: OU=orderer, CN=order.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:73:48:ae:95:c5:60:fd:c3:4c:94:61:98:97:18:
                62:24:2f:bb:7e:e7:ad:02:10:15:78:12:6e:24:f2:
                2f:33:8f:24:db:16:25:c7:9f:94:a4:e3:9c:10:0d:
                11:d2:80:e9:f7:ff:e8:69:48:1a:85:65:b9:22:7e:
                0a:b2:dc:26:d5
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Subject Key Identifier: 
            F0:26:72:32:C2:24:F0:DE:9E:C5:1C:11:7D:01:BD:96:16:62:C1:0E
        X509v3 Authority Key Identifier: 
            keyid:19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92

        1.2.3.4.5.6.7.8.1: 
            {"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"order.example.com","hf.Type":"orderer"}}
Signature Algorithm: ecdsa-with-SHA256
    30:45:02:21:00:d9:87:88:6c:a0:2c:6d:80:c2:e3:6d:0f:b1:
    26:b4:5e:24:02:24:6b:42:6f:16:72:7d:f0:eb:a9:e0:28:a4:
    99:02:20:5f:4c:5b:57:28:96:55:ab:3f:55:07:1c:75:df:a7:
    49:5e:90:5d:05:7c:b2:f8:e0:79:69:9d:d4:aa:6a:60:a1

1 个答案:

答案 0 :(得分:0)

发生这种情况是由于以前的版本。
不会使用docker-compose -f docker-compose-cli.yaml down删除Docker卷,并且由于未知原因,有时Docker会使用证书挂载旧卷。
因此,删除卷将有所帮助。
要做:docker volume prune
警告:此命令将删除所有docker卷。