在Hyperledger Fabric中尝试发现服务时拒绝访问

时间:2020-01-29 22:04:23

标签: hyperledger-fabric

我正在尝试使用发现服务

# discover --configFile conf.yaml --peerTLSCA ./crypto-config/peerOrganizations/ha-dev/users/User1\@ha-dev/tls/ca.crt --userKey ./crypto-config/peerOrganizations/ha-dev/users/User1\@ha-dev/msp/keystore/key.pem --userCert ./crypto-config/peerOrganizations/ha-dev/users/User1\@ha-dev/msp/tlscacerts/tlsca.ha-dev-cert.pem --MSP HAMSP saveConfig

2020-01-29 21:41:17.051 UTC [bccsp] initBCCSP -> DEBU 001 Initialize BCCSP [SW]

然后我执行发现命令:

# discover --configFile conf.yaml peers --channel mrrc  --server blockchain-hapeer1:30110
2020-01-29 21:41:26.442 UTC [bccsp] initBCCSP -> DEBU 001 Initialize BCCSP [SW]
2020-01-29 21:41:26.980 UTC [grpc] DialContext -> DEBU 002 parsed scheme: ""
2020-01-29 21:41:26.980 UTC [grpc] DialContext -> DEBU 003 scheme "" not registered, fallback to default scheme
2020-01-29 21:41:26.981 UTC [grpc] watcher -> DEBU 004 ccResolverWrapper: sending new addresses to cc: [{blockchain-hapeer1:30110 0  <nil>}]
2020-01-29 21:41:26.981 UTC [grpc] switchBalancer -> DEBU 005 ClientConn switching balancer to "pick_first"
2020-01-29 21:41:26.981 UTC [grpc] HandleSubConnStateChange -> DEBU 006 pickfirstBalancer: HandleSubConnStateChange: 0xc0003262a0, CONNECTING
2020-01-29 21:41:26.985 UTC [grpc] HandleSubConnStateChange -> DEBU 007 pickfirstBalancer: HandleSubConnStateChange: 0xc0003262a0, READY
access denied

我在同伴中看到此错误:

2020-01-29 22:17:46.311 UTC [cauthdsl] deduplicate -> ERRO 043 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-01-29 22:17:46.311 UTC [discovery] processQuery -> WARN 044 got query for channel mrrc from 10.244.1.120:56254 but it isn't eligible: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied
2020-01-29 22:17:46.311 UTC [comm.grpc.server] 1 -> INFO 045 unary call completed grpc.service=discovery.Discovery grpc.method=Discover grpc.request_deadline=2020-01-29T22:17:56.304Z grpc.peer_address=10.244.1.120:56254 grpc.code=OK grpc.call_duration=493.602µs

我怎么才能知道cryptogen为该对等体生成的所有文件中必须使用哪个根CERT,密钥和用户证书文件?

1 个答案:

答案 0 :(得分:1)

您需要使用--userCert ./crypto-config/peerOrganizations/ha-dev/users/User1\@ha-dev/msp/signcerts/cert.pem

相关问题
最新问题