fabric-ca 如何生成客户端证书文件和密钥文件?
fabric-ca How to generate client certfile and keyfile?
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml
Error: POST failure [Post https://localhost:7054/enroll: x509:
certificate is valid for example.com, not localhost]; not sending
fabric-ca-client-config.yaml
tls:
启用:真
certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
客户:
certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key
docker-compose.yaml
大约org1.example.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com
fabric-ca-client
fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml
Error: POST failure [Post https://example.com:7054/enroll: x509: certificate signed by unknown authority]; not sending
这里的问题是 fabric-ca-server 使用的 TLS 服务器证书是为 "example.com" 颁发的,而您正试图访问它"localhost".
你可以
- 为 fabric-ca-server 禁用 TLS 只是为了继续前进
- 为 fabric-ca-server 创建了一个新的 TLS 证书,它对 localhost 有效(我相信当 fabric-ca-server 自动生成 TLS 证书时,它应该是对本地主机有效)
- 在主机文件中添加一个条目,将 "example.com" 映射到 127.0.0.1
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml
Error: POST failure [Post https://localhost:7054/enroll: x509: certificate is valid for example.com, not localhost]; not sending
fabric-ca-client-config.yaml
tls:
启用:真
certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
客户:
certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key
docker-compose.yaml
大约org1.example.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com
fabric-ca-client
fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml
Error: POST failure [Post https://example.com:7054/enroll: x509: certificate signed by unknown authority]; not sending
这里的问题是 fabric-ca-server 使用的 TLS 服务器证书是为 "example.com" 颁发的,而您正试图访问它"localhost".
你可以
- 为 fabric-ca-server 禁用 TLS 只是为了继续前进
- 为 fabric-ca-server 创建了一个新的 TLS 证书,它对 localhost 有效(我相信当 fabric-ca-server 自动生成 TLS 证书时,它应该是对本地主机有效)
- 在主机文件中添加一个条目,将 "example.com" 映射到 127.0.0.1