如何在Fabric-CA中设置TLS

时间:2018-09-28 05:38:12

标签: hyperledger-fabric-ca

我想在fabric-ca中启用tls,所以:

步骤:我修改了fabric-ca-clien-config.yaml 

tls:
  # TLS section for secure socket connection
  certfiles:
       - /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  client:
    certfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
    keyfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key


fabric-ca-server start -b admin:adminpw

但是当我报名时:

export FABRIC_CA_CLIENT_HOME=/Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/clients/admin
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054

它出现

2018/09/28 13:36:33 [INFO] encoded CSR
Error: POST failure of request: POST https://localhost:7054/enroll
{"hosts":["jiangdeimac.cn.ibm.com"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBSzCB8wIBADBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxDjAMBgNV\nBAMTBWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6IAf/x032Df4byre\nGJ3dEI1ayE+8t8eyW5R/+ExvZJLk/OK7BrepO5HtHwYg3V2FkNwdB1iV2pq/yxTX\nthZIsqA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBowGIIWamlhbmdkZWltYWMu\nY24uaWJtLmNvbTAKBggqhkjOPQQDAgNHADBEAiBzNGIF1avzD9Tbkrh3Qh2E6gVN\nKlHsXiPOZTjpSVfO0wIgCkXYx0MTQseJfjdAgXZUE7dPQqEGRg2JxTOfI2PQi5c=\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}: Post https://localhost:7054/enroll: x509: certificate is valid for peer0.org1.example.com, peer0, not localhost

ca服务器日志为“ 

2018/09/28 13:36:33 http: TLS handshake error from [::1]:57762: remote error: tls: bad certificate

所以我想知道如何使用fabric-ca设置tls?

1 个答案:

答案 0 :(得分:0)

您需要在启动时在服务器上配置TLS,实际上您需要稍微更改客户端和服务器的配置。启动服务器时,可以使用以下命令指定启用TLS并指定TLS证书和密钥。执行此命令将启动服务器,并在安全端口上侦听。

constraint_type

,然后在客户端上注册时需要指定此TLS证书的信任根,您可以使用fabric-ca-server start -b admin:adminpw --tls.enabled --tls.certfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt --tls.keyfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key 标志来指定。看起来像:

tls.certfiles

这应该允许客户端和服务器建立TLS连接。

相关问题
最新问题