Simon Mullaney
Simon Mullaney

Reputation: 447

Handshake failed with fatal error SSL_ERROR_SSL

I'm following this tutorial https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-multi-org to deploy a composer blockchain business network to Hyperledger Fabric (multiple organizations)

I'm getting the following error however when trying to install the business network though:

 Installing business network. This may take a minute...E0424 16:44:04.865686000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0424 16:44:04.868503000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0424 16:44:04.870052000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0424 16:44:04.870444000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
⠴ Installing business network. This may take a minute...E0424 16:44:04.952667000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0424 16:44:04.959653000 140735870391104 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
✖ Installing business network. This may take a minute...
Error: Error trying install business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 14 UNAVAILABLE: Connect Failed
Response from attempted peer comms was an error: Error: 14 UNAVAILABLE: Connect Failed
Command failed

My connection profile:

{
"name": "bamultiorg_blockaviation",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
    "mychannel": {
        "orderers": [
            "orderer.blockaviation.com"
        ],
        "peers": {
            "peer0.org1.blockaviation.com": {
                "endorsingPeer": true,
                "chaincodeQuery": true,
                "eventSource": true
            },
            "peer1.org1.blockaviation.com": {
                "endorsingPeer": true,
                "chaincodeQuery": true,
                "eventSource": true
            },
            "peer0.org2.blockaviation.com": {
                "endorsingPeer": true,
                "chaincodeQuery": true,
                "eventSource": true
            },
            "peer1.org2.blockaviation.com": {
                "endorsingPeer": true,
                "chaincodeQuery": true,
                "eventSource": true
            }
        }
    }
},
"organizations": {
    "Org1": {
        "mspid": "Org1MSP",
        "peers": [
            "peer0.org1.blockaviation.com",
            "peer1.org1.blockaviation.com"
        ],
        "certificateAuthorities": [
            "ca.org1.blockaviation.com"
        ]
    },
    "Org2": {
        "mspid": "Org2MSP",
        "peers": [
            "peer0.org2.blockaviation.com",
            "peer1.org2.blockaviation.com"
        ],
        "certificateAuthorities": [
            "ca.org2.blockaviation.com"
        ]
    }
},
"orderers": {
    "orderer.blockaviation.com": {
        "url": "grpcs://172.16.2.210:7050",
        "grpcOptions": {
            "ssl-target-name-override": "orderer.blockaviation.com"
        },
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----\nMIICTjCCAfSgAwIBAgIRAN2C8u1ClNbKuMDYbd+qh7QwCgYIKoZIzj0EAwIweDEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGjAYBgNVBAoTEWJsb2NrYXZpYXRpb24uY29tMSAwHgYDVQQDExd0\nbHNjYS5ibG9ja2F2aWF0aW9uLmNvbTAeFw0xODA0MjQxMzMzNTdaFw0yODA0MjEx\nMzMzNTdaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYD\nVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQKExFibG9ja2F2aWF0aW9uLmNvbTEg\nMB4GA1UEAxMXdGxzY2EuYmxvY2thdmlhdGlvbi5jb20wWTATBgcqhkjOPQIBBggq\nhkjOPQMBBwNCAARjdpW0qESlyKkFbCQH1o/abDpfev5M/UQzBqsH7mTYU20IXAWY\n4nvwlVLGFZm75hIEvtmvBPKm3nrL8Vn5aJVpo18wXTAOBgNVHQ8BAf8EBAMCAaYw\nDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MCkGA1UdDgQiBCB7+yU0\nXeKMBmwn6HxgKxXAMjrx5zteQBQBNaReHz1usjAKBggqhkjOPQQDAgNIADBFAiEA\nyBD4xSLwLZuJLg0kgAjWzsv1qb1PVMgK9W8sUs5GVgMCIHjFrumLV1HqyJP+TFN2\ns4u3g4NqClw41p884ZTZ40HY\n-----END CERTIFICATE-----\n"
        }
    }
},
"peers": {
    "peer0.org1.blockaviation.com": {
        "url": "grpcs://172.16.2.210:7051",
        "eventUrl": "grpcs://172.16.2.210:7053",
        "grpcOptions": {
            "ssl-target-name-override": "peer0.org1.blockaviation.com"
        },
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----\nMIICYzCCAgqgAwIBAgIRANgyJ6qubBFmIsXh0dPNrzUwCgYIKoZIzj0EAwIwgYIx\nCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g\nRnJhbmNpc2NvMR8wHQYDVQQKExZvcmcxLmJsb2NrYXZpYXRpb24uY29tMSUwIwYD\nVQQDExx0bHNjYS5vcmcxLmJsb2NrYXZpYXRpb24uY29tMB4XDTE4MDQyNDEzMzM1\nN1oXDTI4MDQyMTEzMzM1N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\nZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMR8wHQYDVQQKExZvcmcxLmJs\nb2NrYXZpYXRpb24uY29tMSUwIwYDVQQDExx0bHNjYS5vcmcxLmJsb2NrYXZpYXRp\nb24uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+G03JVSx5h5HJ7wzCAcO\nenLCRJqpeYNQt2TshtOtAgibSjC75l39WtloJ4KbLj5TbJYNZqJGt2KJmYsXYJMW\nEqNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/\nBAUwAwEB/zApBgNVHQ4EIgQg2UExat3LFaP1KKpn2/zHBEEjxNCrPUZcKsdv44Uj\n2aUwCgYIKoZIzj0EAwIDRwAwRAIgZsy0sTNZ+ZBnQQHF0FoQQZF7SHUiIYOJbdqK\nX1BqVQwCIHALKpD8+dI0Uet8+JacdYF8rkoILXJUyKIMntnt8w2z\n-----END CERTIFICATE-----\n"
        }
    },
    "peer1.org1.blockaviation.com": {
        "url": "grpcs://172.16.2.210:8051",
        "eventUrl": "grpcs://172.16.2.210:8053",
        "grpcOptions": {
            "ssl-target-name-override": "peer1.org1.blockaviation.com"
        },
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----\nMIICYzCCAgqgAwIBAgIRANgyJ6qubBFmIsXh0dPNrzUwCgYIKoZIzj0EAwIwgYIx\nCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g\nRnJhbmNpc2NvMR8wHQYDVQQKExZvcmcxLmJsb2NrYXZpYXRpb24uY29tMSUwIwYD\nVQQDExx0bHNjYS5vcmcxLmJsb2NrYXZpYXRpb24uY29tMB4XDTE4MDQyNDEzMzM1\nN1oXDTI4MDQyMTEzMzM1N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\nZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMR8wHQYDVQQKExZvcmcxLmJs\nb2NrYXZpYXRpb24uY29tMSUwIwYDVQQDExx0bHNjYS5vcmcxLmJsb2NrYXZpYXRp\nb24uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+G03JVSx5h5HJ7wzCAcO\nenLCRJqpeYNQt2TshtOtAgibSjC75l39WtloJ4KbLj5TbJYNZqJGt2KJmYsXYJMW\nEqNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/\nBAUwAwEB/zApBgNVHQ4EIgQg2UExat3LFaP1KKpn2/zHBEEjxNCrPUZcKsdv44Uj\n2aUwCgYIKoZIzj0EAwIDRwAwRAIgZsy0sTNZ+ZBnQQHF0FoQQZF7SHUiIYOJbdqK\nX1BqVQwCIHALKpD8+dI0Uet8+JacdYF8rkoILXJUyKIMntnt8w2z\n-----END CERTIFICATE-----\n"
        }
    },
    "peer0.org2.blockaviation.com": {
        "url": "grpcs://172.16.2.210:9051",
        "eventUrl": "grpcs://172.16.2.210:9053",
        "grpcOptions": {
            "ssl-target-name-override": "peer0.org2.blockaviation.com"
        },
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----\nMIICYjCCAgmgAwIBAgIQCV72yu8oJa/dg8tBjdNM4zAKBggqhkjOPQQDAjCBgjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xHzAdBgNVBAoTFm9yZzIuYmxvY2thdmlhdGlvbi5jb20xJTAjBgNV\nBAMTHHRsc2NhLm9yZzIuYmxvY2thdmlhdGlvbi5jb20wHhcNMTgwNDI0MTMzMzU3\nWhcNMjgwNDIxMTMzMzU3WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm\nb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFm9yZzIuYmxv\nY2thdmlhdGlvbi5jb20xJTAjBgNVBAMTHHRsc2NhLm9yZzIuYmxvY2thdmlhdGlv\nbi5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQLckq5PYPrb5ijt4XLCZ0s\nhuHUfGsYQCiGgOBUb9ejzEAW7CrWzY1ksNQDsqqYG6mzfk43CKMZ8gVtmt207KcI\no18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8E\nBTADAQH/MCkGA1UdDgQiBCAe35Brnt4qF7fBaRQUKhfh2JxFa8UrQLFjo7iaeRvT\nFjAKBggqhkjOPQQDAgNHADBEAiA3XTEBQHZ5LPUBi0nYRm8EbCDfZYmSqAfewNAC\nNWc45QIgcoolhg6mXlwYALAaE+4z3ubB9BBVrD0eRCpInGdGu6w=\n-----END CERTIFICATE-----\n"
        }
    },
    "peer1.org2.blockaviation.com": {
        "url": "grpcs://172.16.2.210:10051",
        "eventUrl": "grpcs://172.16.2.210:10053",
        "grpcOptions": {
            "ssl-target-name-override": "peer1.org2.blockaviation.com"
        },
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----\nMIICYjCCAgmgAwIBAgIQCV72yu8oJa/dg8tBjdNM4zAKBggqhkjOPQQDAjCBgjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xHzAdBgNVBAoTFm9yZzIuYmxvY2thdmlhdGlvbi5jb20xJTAjBgNV\nBAMTHHRsc2NhLm9yZzIuYmxvY2thdmlhdGlvbi5jb20wHhcNMTgwNDI0MTMzMzU3\nWhcNMjgwNDIxMTMzMzU3WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm\nb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFm9yZzIuYmxv\nY2thdmlhdGlvbi5jb20xJTAjBgNVBAMTHHRsc2NhLm9yZzIuYmxvY2thdmlhdGlv\nbi5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQLckq5PYPrb5ijt4XLCZ0s\nhuHUfGsYQCiGgOBUb9ejzEAW7CrWzY1ksNQDsqqYG6mzfk43CKMZ8gVtmt207KcI\no18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8E\nBTADAQH/MCkGA1UdDgQiBCAe35Brnt4qF7fBaRQUKhfh2JxFa8UrQLFjo7iaeRvT\nFjAKBggqhkjOPQQDAgNHADBEAiA3XTEBQHZ5LPUBi0nYRm8EbCDfZYmSqAfewNAC\nNWc45QIgcoolhg6mXlwYALAaE+4z3ubB9BBVrD0eRCpInGdGu6w=\n-----END CERTIFICATE-----\n"
        }
    }
},
"certificateAuthorities": {
    "ca.org1.blockaviation.com": {
        "url": "https://172.16.2.210:7054",
        "caName": "ca-org1",
        "httpOptions": {
            "verify": false
        }
    },
    "ca.org2.blockaviation.com": {
        "url": "https://172.16.2.210:8054",
        "caName": "ca-org2",
        "httpOptions": {
            "verify": false
        }
    }
}

I have checked that all the credentials in ~/.composer match up with the corresponding credentials in:

crypt-config/peerOrganizations/org1.blockaviation.com/peers/peer0.org1.blockaviation.com/tls/ca.crt
crypto-config/peerOrganizations/org2.blockaviation.com/peers/peer0.org2.blockaviation.com/tls/ca.crt

So I dont know why it is throwing an error if they do match up - Any help greatly appreciated...

Composer version: v0.19.1 Fabric V1.1.0

Upvotes: 4

Views: 14993

Answers (2)

Fady Ibrahim
Fady Ibrahim

Reputation: 382

One of the reasons is using unsuitable node version. To add the Long Term Support (LTS) subversion of Node.js v8, we can use these commands:

curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
source ~/.profile 
nvm ls-remote
nvm install v8.16.0
nvm list
nvm use v8.16.0
node --version

Upvotes: 0

R Thatcher
R Thatcher

Reputation: 5570

You have target name overides set for the peers under grpc options, and you have verify:false set for the CAs - so it does not look like any host naming problem.

If you look at the logs for the Orderer, Peers and CA you will see more detail of the error you will probably find an MSP mismatch.

If errors in the logs don't point you to the immediate problem I would suggest searching through all your docker compose yaml files, and crypto-config.yaml and configtx.yaml for example or example.com as it is likely that one has been missed in your replacement with blockaviation. (Remember to also check the script.sh file, and the 2 yaml files in the base folder)

Upvotes: 1

Related Questions