我用Fabric-ca-sdk(fabric-sdk-java / fabric-sdk-java / src / test / fixture / sdkintegration)中的测试代码启动ca服务器,并使用fabric sdk注册订购者并获取来自响应的ca文件。然后将ca文件放入第一个网络演示中,并使用
docker-compose -f docker-compose-cli.yaml up -d
启动订单,但失败,日志为:
无法初始化本地MSP:提供的身份无效:x509:证书由未知授权机构签名(可能是由于尝试验证候选授权机构证书“ ca.example.com”时出现“ x509:ECDSA验证失败”)< / p>
我使用openssl检查ca服务器生成的pem文件,该文件没有任何问题。如果您知道有关的原因,请帮助我 题。非常感谢。 ca.example.com-cer.pem的文件信息如下:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:b1:1d:83:1e:86:57:f6:8f:0c:e1:d1:e9:84:14:0d
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
Validity
Not Before: Feb 25 12:43:29 2018 GMT
Not After : Feb 23 12:43:29 2028 GMT
Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:8f:70:81:96:e6:4c:c7:f5:c0:38:2d:4f:aa:35:
ea:1f:00:f5:a9:cd:93:69:44:93:ac:d2:89:34:e7:
ca:b1:73:34:3c:c3:28:3e:43:71:79:9b:a4:ce:5b:
e2:a6:57:6d:53:cf:9f:5d:52:c0:81:a7:73:a5:d8:
be:8e:6f:a8:3f
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
2.5.29.37.0
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:6a:f2:74:ab:b3:2c:fe:ff:20:2d:d9:fa:b9:3a:
54:46:43:cd:a7:f7:78:ff:a3:de:e2:7c:c0:b3:e5:6f:76:e8:
02:20:50:47:1d:ba:50:64:a3:a0:06:fc:70:a8:bc:95:2c:08:
5a:91:c5:e6:d2:b0:99:43:2e:52:fb:dd:e2:51:5a:d6
,orderer.example.com-cert.pem文件为:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:35:e7:3e:37:73:08:80:18:66:47:df:34:63:dc:0b:f4:44:b0:c0
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
Validity
Not Before: Jun 20 09:02:00 2018 GMT
Not After : Jun 20 09:07:00 2019 GMT
Subject: OU=orderer, CN=order.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:73:48:ae:95:c5:60:fd:c3:4c:94:61:98:97:18:
62:24:2f:bb:7e:e7:ad:02:10:15:78:12:6e:24:f2:
2f:33:8f:24:db:16:25:c7:9f:94:a4:e3:9c:10:0d:
11:d2:80:e9:f7:ff:e8:69:48:1a:85:65:b9:22:7e:
0a:b2:dc:26:d5
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F0:26:72:32:C2:24:F0:DE:9E:C5:1C:11:7D:01:BD:96:16:62:C1:0E
X509v3 Authority Key Identifier:
keyid:19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92
1.2.3.4.5.6.7.8.1:
{"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"order.example.com","hf.Type":"orderer"}}
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:d9:87:88:6c:a0:2c:6d:80:c2:e3:6d:0f:b1:
26:b4:5e:24:02:24:6b:42:6f:16:72:7d:f0:eb:a9:e0:28:a4:
99:02:20:5f:4c:5b:57:28:96:55:ab:3f:55:07:1c:75:df:a7:
49:5e:90:5d:05:7c:b2:f8:e0:79:69:9d:d4:aa:6a:60:a1
答案 0 :(得分:0)
发生这种情况是由于以前的版本。
不会使用docker-compose -f docker-compose-cli.yaml down删除Docker卷,并且由于未知原因,有时Docker会使用证书挂载旧卷。
因此,删除卷将有所帮助。
要做:docker volume prune
警告:此命令将删除所有docker卷。