尝试导入新的Composer卡时,PEM编码的证书错误

时间:2018-12-02 19:59:51

标签: hyperledger-composer

在Composer中设置网络时遇到一些问题。这是一个单一组织,我一直在关注并改编多组织教程https://hyperledger.github.io/composer/v0.19/tutorials/deploy-to-fabric-multi-org,以尝试使TLS正常工作。

当我尝试导入卡时,出现以下错误:

错误:无法从连接配置文件创建客户端。错误:需要PEM编码的证书。 命令失败

我已经在我的connection.json文件中检查了TLS证书:

{
    "name": "my-network",
    "x-type": "hlfv1",
    "version": "1.0.0",
    "client": {
        "organization": "Org1",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300",
                    "eventHub": "300",
                    "eventReg": "300"
                },
                "orderer": "300"
            }
        }
    },
    "channels": {
        "mychannel": {
            "orderers": [
                "orderer.my-network"
            ],
            "peers": {
                "peer0.org1.my-network": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "eventSource": true
                },
                "peer1.org1.my-network": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "eventSource": true
                },
		            "peer2.org1.my-network": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "eventSource": true
                }
            }
        }
    },
    "organizations": {
        "Org1": {
            "mspid": "Org1MSP",
            "peers": [
                "peer0.org1.my-network",
                "peer1.org1.my-network",
                "peer2.org1.my-network"
            ],
            "certificateAuthorities": [
                "ca.org1.my-network"
            ]
        }
    },
    "orderers": {
        "orderer.my-network": {
            "url": "grpcs://localhost:7050",
            "grpcOptions": {
                "ssl-target-name-override": "orderer.my-network"
            },
            "tlsCACerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIICNTCCAdugAwIBAgIQKU7mM3knkhRfWjNtvaGaFDAKBggqhkjOPQQDAjBsMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEUMBIGA1UEChMLbG9nLW5ldHdvcmsxGjAYBgNVBAMTEXRsc2NhLmxv\nZy1uZXR3b3JrMB4XDTE4MTIwMjE3NTAwNloXDTI4MTEyOTE3NTAwNlowbDELMAkG\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu\nY2lzY28xFDASBgNVBAoTC2xvZy1uZXR3b3JrMRowGAYDVQQDExF0bHNjYS5sb2ct\nbmV0d29yazBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMtii2eOX2OjBtn9a0sT\nQBItTcmtxjmb2Rh4zf0140rZz0NipSeUpNjAxO2KH8CkYvqcByMJ6qz8gmQ9McAC\n7x2jXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB\n/wQFMAMBAf8wKQYDVR0OBCIEIKPPDTwOmt+IBPVylKfQ3ceqOrSiJBHclABKn5v2\n4Y6MMAoGCCqGSM49BAMCA0gAMEUCIQC5mQ5fJsj20JdX2F5dWpR+YQprbj+dIcST\noCM1L8lHYAIgI0Oq5VO6ucOMMw5e9CDsiCYU40sMAlgAJEYX/5AaZ1M=\n-----END CERTIFICATE-----\n"
            }
        }
    },
    "peers": {
        "peer0.org1.my-network": {
            "url": "grpcs://localhost:7051",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org1.my-network"
            },
            "tlsCACerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
            }
        },
        "peer1.org1.my-network": {
            "url": "grpcs://localhost:8051",
            "grpcOptions": {
                "ssl-target-name-override": "peer1.org1.my-network" 
            },
            "tlsCACerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
            }

        },
        "peer2.org1.my-network": {
            "url": "grpcs://localhost:9051",
            "gprcOptions": {
                "ssl-target-name-override": "peer2.org1.my-network"
            },
            "tlsCerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
            }
        }
    },
    "certificateAuthorities": {
        "ca.org1.my-network": {
            "url": "http://localhost:7054",
            "caName": "ca_peerOrg1",
            "httpOptions": {
                "verify": false
            }
        }
    }
}

我还没有包含Couchdb,docker-compose-cli.yaml在下面:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

networks:
  byfn:

services:

  ca.org1.my-network:
    container_name: ca_peerOrg1
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.my-network-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/cc074f628fe7cb97e8147a8824fa564ddced245c324be7fb7660ee6fccf9cea2_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.my-network-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/cc074f628fe7cb97e8147a8824fa564ddced245c324be7fb7660ee6fccf9cea2_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.my-network/ca/:/etc/hyperledger/fabric-ca-server-config
    networks:
      - byfn

  # Should be either 3, 5 or 7 zookeepers to avoid split-brain scenarios, and larger than 1 to avoid a single point of failure
  zookeeper0:
    container_name: zookeeper0
    image: hyperledger/fabric-zookeeper
    environment:
         - ZOO_MY_ID=1
         - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
    ports:
         - 2181
         - 2888
         - 3888
    networks:
         - byfn

  zookeeper1:
    container_name: zookeeper1
    image: hyperledger/fabric-zookeeper
    environment:
         - ZOO_MY_ID=2
         - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
    ports:
         - 2181
         - 2888
         - 3888
    networks:
         - byfn

  zookeeper2:
    container_name: zookeeper2
    image: hyperledger/fabric-zookeeper
    environment:
         - ZOO_MY_ID=3
         - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
    command: /bin/bash -c 'sleep 6000000000000000000'
    ports:
         - 2181
         - 2888
         - 3888
    networks:
         - byfn

  # Should be at least 4 nodes in the kafka cluster for crash tollerance
  kafka0:
        image: hyperledger/fabric-kafka
        container_name: kafka0
        environment:
            - KAFKA_LOG_RETENTION_MS=-1
            - KAFKA_MESSAGE_MAX_BYTES=103809024
            - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
            - KAFKA_BROKER_ID=0
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
            - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
            - KAFKA_DEFAULT_REPLICATION_FACTOR=3
            - KAFKA_MIN_INSYNC_REPLICAS=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        ports:
            - 9092
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        links:
            - zookeeper0:zookeeper0
            - zookeeper1:zookeeper1
            - zookeeper2:zookeeper2
        networks:
            - byfn

  kafka1:
        image: hyperledger/fabric-kafka
        container_name: kafka1
        environment:
            - KAFKA_LOG_RETENTION_MS=-1
            - KAFKA_MESSAGE_MAX_BYTES=103809024
            - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
            - KAFKA_BROKER_ID=1
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
            - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
            - KAFKA_DEFAULT_REPLICATION_FACTOR=3
            - KAFKA_MIN_INSYNC_REPLICAS=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        ports:
            - 9092
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        links:
            - zookeeper0:zookeeper0
            - zookeeper1:zookeeper1
            - zookeeper2:zookeeper2
        networks:
            - byfn

  kafka2:
        image: hyperledger/fabric-kafka
        container_name: kafka2
        environment:
            - KAFKA_LOG_RETENTION_MS=-1
            - KAFKA_MESSAGE_MAX_BYTES=103809024
            - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
            - KAFKA_BROKER_ID=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
            - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
            - KAFKA_DEFAULT_REPLICATION_FACTOR=3
            - KAFKA_MIN_INSYNC_REPLICAS=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        ports:
            - 9092
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        links:
            - zookeeper0:zookeeper0
            - zookeeper1:zookeeper1
            - zookeeper2:zookeeper2
        networks:
            - byfn

  kafka3:
        image: hyperledger/fabric-kafka
        container_name: kafka3
        environment:
            - KAFKA_LOG_RETENTION_MS=-1
            - KAFKA_MESSAGE_MAX_BYTES=103809024
            - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
            - KAFKA_BROKER_ID=3
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
            - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
            - KAFKA_DEFAULT_REPLICATION_FACTOR=3
            - KAFKA_MIN_INSYNC_REPLICAS=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        ports:
            - 9092
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        links:
            - zookeeper0:zookeeper0
            - zookeeper1:zookeeper1
            - zookeeper2:zookeeper2
        networks:
            - byfn

  orderer.my-network:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.my-network
    container_name: orderer.my-network
    depends_on:
            - kafka0
            - kafka1
            - kafka2
            - kafka3
    links:
            - kafka0:kafka0
            - kafka1:kafka1
            - kafka2:kafka2
            - kafka3:kafka3
    networks:
      - byfn

  peer0.org1.my-network:
    container_name: peer0.org1.my-network
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.my-network
    networks:
      - byfn

  peer1.org1.my-network:
    container_name: peer1.org1.my-network
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.org1.my-network
    networks:
      - byfn

  peer2.org1.my-network:
    container_name: peer2.org1.my-network
    extends:
      file:  base/docker-compose-base.yaml
      service: peer2.org1.my-network
    networks:
      - byfn

  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.my-network:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/users/Admin@org1.my-network/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    # command: /bin/bash -c './scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG}; sleep $TIMEOUT'
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.my-network
      - peer0.org1.my-network
      - peer1.org1.my-network
      - peer2.org1.my-network
    networks:
      - byfn

我不是使用byfn.sh来启动网络,而是使用以下方法手动启动:

docker-compose -f docker-compose-cli.yaml up -d

我尚未加载任何示例链码。我已经加入订购者和三个对等方到CLI中的频道。

启动网络时,证书颁发机构是否缺少某些内容?

在执行此操作时会遇到困难,因此非常感谢您的帮助。

非常感谢。

2 个答案:

答案 0 :(得分:1)

您的peer2.org1.my-network定义有误,您在应该将tlsCerts指定为tlsCACerts的情况下指定了该变量。

答案 1 :(得分:0)

我也面临着同样的问题:

  

✖安装业务网络。这可能需要一分钟...

     

错误:需要PEM编码的证书。命令失败

而且,在我的情况下,缺少 tlsCACerts pem证书

"tlsCACerts": {
                "pem": ""
              }

我使用以下命令提取了证书:

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > ca-orderer.txt

并将ca-orderer.txt文件的内容粘贴到上述tlsCACerts pem属性中。