Failed to deserialize creater identity , the supplied identity is not valid error in Hyperledger

Question

I have been trying to get going on using the SDK to invoke a function from an installed chaincode, but I have ran into an issue, which I am struggling to resolve. The javascript program I built was a mix of the test/integration/client.js file and the fabcar/invoke.js. When I run the script though, I am getting the following error when running the transaction proposal:

error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority

I know my issue is due to not using the right certificate, but I don't know where I am not using that correct certificate. I created the crypto-config directory using the following script:

 ../src/github.com/hyperledger/fabric/build//bin/cryptogen generate --config=./crypto-config.yaml
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile OrdererGenesis -outputBlock ./channel-artifacts/genesis.block
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel --outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/CorpMSPanchors.tx -channelID $CHANNEL_NAME -asOrg CorpMSP
../src/github.com/hyperledger/fabric/build//bin/configtxgen --profile Channel -outputAnchorPeersUpdate ./channel-artifacts/EngMSPanchors.tx -channelID $CHANNEL_NAME -asOrg EngMSP

Here is the code where I add my peer and my channel:

    let data = fs.readFileSync(network[org].peers['peer1']['tls_cacerts']);
          var peer = client.newPeer(
                network[org].peers['peer1'].requests,
              {
                    pem: Buffer.from(data).toString(),
                    'ssl-target-name-override': network[org].peers['peer1']['server-hostname']
                });
            console.log("- Peer set up, setting up channel");
            channel = client.newChannel(utils.getConfigSetting('channelName'));
            channel.addPeer(peer);
            data = fs.readFileSync(network.orderer['tls_cacerts']);
            channel.addOrderer(client.newOrderer(network.orderer['url']), {
                pem: Buffer.from(data).toString(),
                'ssl-target-name-override': network.orderer['server-hostname']
            });
            target.push(peer);

and here is the configuration of my network:

{
    "tmpdir": "/tmp/hfc_test_kvs",
    "channelName" : "mychannel",
    "chaincodeId" : "blockparty",
    "network-config": {
        "orderer": {
            "url": "grpcs://orderer.example.com:7050",
            "server-hostname": "orderer.example.com",
            "tls_cacerts": "./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
        },
        "org1": {
            "name": "Corp",
            "mspid": "CorpMSP",
            "username": "Admin",
            "peers": {
                "peer1": {
                    "requests": "grpcs://peer0.corp.example.com:7051",
                    "events": "grpcs://peer0.corp.example.com:7053",
                    "server-hostname": "peer0.corp.example.com",
                    "tls_cacerts": "./crypto-config/peerOrganizations/corp.example.com/peers/peer0.corp.example.com/tls/server.crt"
                },
            "admin": {
                "key": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/keystore",
                "cert": "./crypto-config/peerOrganizations/corp.example.com/users/Admin@corp.example.com/msp/signcerts"
            }
        },

As requested, here are some snippets of my crypto-config.yaml:

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Corp
    Domain: corp.example.com
    Specs:
      - Hostname: peer0
      - Hostname: peer1
      - Hostname: peer2
    Users:
      Count: 1

and my configtx.yaml:

Profiles:

    OrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Corp
                    - *Eng
    Channel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Corp
                - *Eng

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp

    - &Corp
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: CorpMSP

        # ID to load the MSP definition as
        ID: CorpMSP

        MSPDir: crypto-config/peerOrganizations/corp.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.corp.example.com
              Port: 7051

Any thoughts on which certificate I am supposed to use to properly submit the transaction proposal and then the transaction? I am not using a ca-server and I am not using the docker containers either. The environment works as I am able to invoke the chaincode using peer chaincode invoke command, so I know it works, but I am not sure which certificate, I am supposed to use in the client.newPeer and the client.newChannel functions.

Thanks a lot for reading, Bertrand.

Answer 1

I think you will need a certificate for client Admin. Preferably signed by either corp.example.com or peer#.corp.example.com. The certificate chain for corp.example.com is already present in the your MSPDir/ca folder. So that should do the trick.