我正在尝试遵循Hyperledger Fabric教程[1],并使Node.js SDK与我的网络一起运行。我已经在管理员服务器上成功注册了管理员,但是,在尝试下一步(注册新用户)时,出现关于使用自签名证书的错误。
我什至不知道错误所指的是哪个证书。 CA服务器使用的证书显然是自签名的,因为它们是根证书。 adminIdentity的证书来自CA服务器本身,该证书是在上一个注册步骤中获得的。
我的ca-server容器上的日志没有任何错误,触发请求甚至不会在其中产生任何日志条目。
来自fabric-samples/fabcar
和fabric-samples/basic-network
的(未更改)示例代码显然可以正常工作。据我所知,SDK代码在功能上与示例相同,因此我怀疑该错误隐藏在配置中的某个地方。
这是我的registerUser.js
文件:
/*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const FabricCAServices = require('fabric-ca-client');
const { FileSystemWallet, X509WalletMixin } = require('fabric-network');
const fs = require('fs');
const path = require('path');
const ccpPath = path.resolve(__dirname, '..', '..', 'fabric-network', 'connection.json');
const ccpJSON = fs.readFileSync(ccpPath, 'utf8');
const ccp = JSON.parse(ccpJSON);
async function main() {
try {
// Create a new CA client for interacting with the CA.
const caURL = ccp.certificateAuthorities['ca.org1.org'].url;
const ca = new FabricCAServices(caURL);
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'org1', 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the admin user.
const adminExists = await wallet.exists('admin');
if (adminExists) {
console.log('An identity for the admin user "admin" already exists in the wallet');
return;
}
// Enroll the admin user, and import the new identity into the wallet.
const enrollment = await ca.enroll({ enrollmentID: 'admin', enrollmentSecret: 'adminpw' });
const identity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
wallet.import('admin', identity);
console.log('Successfully enrolled admin user "admin" and imported it into the wallet');
} catch (error) {
console.error(`Failed to enroll admin user "admin": ${error}`);
process.exit(1);
}
}
main();
...以及我的connection.json
文件:
{
"name": "OrganisationOne",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.org",
"peer1.org1.org"
],
"certificateAuthorities": [
"ca.org1.org"
]
}
},
"peers": {
"peer0.org1.org": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.org"
}
},
"peer1.org1.org": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.org"
}
}
},
"certificateAuthorities": {
"ca.org1.org": {
"url": "https://localhost:7054",
"caName": "ca.org1.org"
}
}
}
我希望用户已成功注册,相反,我收到以下错误:
Failed to register user "user1": Error: Calling register endpoint failed with error [Error: self signed certificate]
该如何解决此错误,甚至获得有关此错误的更多有用信息?
答案 0 :(得分:0)
在certificateAuthorities
属性中指定此connection.json文件内部
"httpOptions": {
"verify": false
}
对我有用
答案 1 :(得分:0)
最近我自己打过,我应该更了解;)
错误是因为注册用户的CLI不喜欢从CA接收回自签名证书。在许多环境中,这是默认设置,因此在1.4.10中听到默认设置更改为false很有帮助。