Reputation: 11
Hyperledger Composer : Error: failed to request identity. Unsupported certificate purpose
I am following a hyperledger composer tutorial (url :https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-multi-org) for deploying a Hyperledger Composer blockchain business network to Hyperledger Fabric (multiple organizations).
I am not able to execute step 15. while executing command :
composer identity request -c PeerAdmin@byfn-network-org1 -u admin -s adminpw -d alice
I am getting the following error:
Error: failed to request identity. Error trying to enroll user and return certificates. Error: Calling enrollment endpoint failed with error [Error: unsupported certificate purpose]
Note : CA server is running.
Can anyone suggest a workaround to make the above command execute please?
Please find the edited question. I have added below the connection.json file for the details.
{
"name": "byfn-network",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICNjCCAdygAwIBAgIRAJJu67ezVNCJ4gM4zInHf/wwCgYIKoZIzj0EAwIwbDEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l\neGFtcGxlLmNvbTAeFw0xODA1MTgwNTUwMThaFw0yODA1MTUwNTUwMThaMGwxCzAJ\nBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh\nbmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh\nbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS1UB9Mbi0TXhCatds9\nn0jIB27R+2zOLlNpxCqNeZdRiMrIYyrX6EV5leFxwf4/MbHhAtK3Ji/rOQP9m57N\nb9IMo18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMB\nAf8EBTADAQH/MCkGA1UdDgQiBCDvbLbBi42xUsDE6QBAcgT1apjg23G3esLYg2h3\nJv3aUTAKBggqhkjOPQQDAgNIADBFAiEA4Gt4Z5i2vgoWgYX0gfOVnk2xhXzoHSga\nvlX0dbuurPgCIEhBWR/Bm2JMA9Hux9DVX3dqU56UM0dXaxzl2m6jMW7n\n-----END CERTIFICATE-----\n"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"eventUrl": "grpcs://localhost:7053",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSTCCAfCgAwIBAgIRALIlDShhaFDpMZPEO77RDiwwCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs\nc2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTgwNTE4MDU1MDE4WhcNMjgwNTE1MDU1\nMDE4WjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE\nBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEfMB0G\nA1UEAxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABClWp8EhhP+vNjaGjTTd3WFTXvwQ8TzHdZaQz9+G77YBPknILmG6ojO2\nC9vI7QQGHJjEJKzaqyCXBVTwnHYnK6yjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV\nHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEINj7sKXMJ1H+\nanNgqm13/1cZeQPqVmp2lM/YGslKcSxOMAoGCCqGSM49BAMCA0cAMEQCIG/W7ht1\nBnccqNWPRvMSzym2ALP56frZuCt1VXnLlGU8AiBOEd0sJ0KlGOeOgYKo3SckNASq\nI6IEmvqwSphYNtEjpw==\n-----END CERTIFICATE-----\n"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"eventUrl": "grpcs://localhost:8053",
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSTCCAfCgAwIBAgIRALIlDShhaFDpMZPEO77RDiwwCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG\ncmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs\nc2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTgwNTE4MDU1MDE4WhcNMjgwNTE1MDU1\nMDE4WjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE\nBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEfMB0G\nA1UEAxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABClWp8EhhP+vNjaGjTTd3WFTXvwQ8TzHdZaQz9+G77YBPknILmG6ojO2\nC9vI7QQGHJjEJKzaqyCXBVTwnHYnK6yjXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV\nHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEINj7sKXMJ1H+\nanNgqm13/1cZeQPqVmp2lM/YGslKcSxOMAoGCCqGSM49BAMCA0cAMEQCIG/W7ht1\nBnccqNWPRvMSzym2ALP56frZuCt1VXnLlGU8AiBOEd0sJ0KlGOeOgYKo3SckNASq\nI6IEmvqwSphYNtEjpw==\n-----END CERTIFICATE-----\n"
}
},
"peer0.org2.example.com": {
"url": "grpcs://localhost:9051",
"eventUrl": "grpcs://localhost:9053",
"grpcOptions": {
"ssl-target-name-override": "peer0.org2.example.com"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSTCCAe+gAwIBAgIQIPrCKDtyMOXV7yYWEF/FETAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEfMB0GA1UEAxMWdGxz\nY2Eub3JnMi5leGFtcGxlLmNvbTAeFw0xODA1MTgwNTUwMThaFw0yODA1MTUwNTUw\nMThaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcyLmV4YW1wbGUuY29tMR8wHQYD\nVQQDExZ0bHNjYS5vcmcyLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEOiTR1rnVMPeONz/1R6ZE+oomhRv7XS8EDqQGGOGOHGw4yaPQIZDwNi0+\nTGwUW2A50KfIq+7N0yw81GjM9eCL5aNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgL1Mh2vjSEzwk\nXUngtDYFlZXtRhiijOjXqHLQXsQfu0cwCgYIKoZIzj0EAwIDSAAwRQIhAPWEqaqZ\nmFXmqmoa9w7iYtC9T5ZkYU6dlq/8PDHEcIuZAiBn25xxePB8eqoRQqvzmimd+HYq\nfdnGXkP2ijWzn3YUYg==\n-----END CERTIFICATE-----\n"
}
},
"peer1.org2.example.com": {
"url": "grpcs://localhost:10051",
"eventUrl": "grpcs://localhost:10053",
"grpcOptions": {
"ssl-target-name-override": "peer1.org2.example.com"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSTCCAe+gAwIBAgIQIPrCKDtyMOXV7yYWEF/FETAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEfMB0GA1UEAxMWdGxz\nY2Eub3JnMi5leGFtcGxlLmNvbTAeFw0xODA1MTgwNTUwMThaFw0yODA1MTUwNTUw\nMThaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcyLmV4YW1wbGUuY29tMR8wHQYD\nVQQDExZ0bHNjYS5vcmcyLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEOiTR1rnVMPeONz/1R6ZE+oomhRv7XS8EDqQGGOGOHGw4yaPQIZDwNi0+\nTGwUW2A50KfIq+7N0yw81GjM9eCL5aNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgL1Mh2vjSEzwk\nXUngtDYFlZXtRhiijOjXqHLQXsQfu0cwCgYIKoZIzj0EAwIDSAAwRQIhAPWEqaqZ\nmFXmqmoa9w7iYtC9T5ZkYU6dlq/8PDHEcIuZAiBn25xxePB8eqoRQqvzmimd+HYq\nfdnGXkP2ijWzn3YUYg==\n-----END CERTIFICATE-----\n"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"httpOptions": {
"verify": true
}
},
"ca.org2.example.com": {
"url": "https://localhost:8054",
"caName": "ca-org2",
"httpOptions": {
"verify": true
}
}
}
}
Upvotes: 0
Views: 492
Answers (2)
Reputation: 11
Error : failed to request identity. Error trying to enroll user and return certificates. Error: Calling enrollment endpoint failed with error [Error: unsupported certificate purpose].
Got the solution for above mentioned error from the link (https://github.com/hyperledger/composer/issues/3808) and the error has been resolved.
Somehow the composer CLI is not correctly connecting to the Fabric CA when it is behind HTTPS.
This can be alleviated by turning off verification in connection.json file.
"certificateAuthorities": {
"myca.example.com": {
"url": "https://myca.example.com:443",
"caName": "myca.example.com",
"httpOptions": {
"verify": false
}
}
Upvotes: 0
Reputation: 5570
If you are following the tutorial "as is" rather than using it as a basis for a custom fabric, then this is likely to be a problem with the certificates pasted into the connection.json file. The correct certificates need to be pasted into the file in the right places, but they also need to be in one long string with no line breaks. (the \n characters indicate a line break but there should be no actual line break.) The certificate should start with -----BEGIN CERTIFICATE-----\n and have the matching end certificate at the end.
If the problem persists you should post your connection.json file, and any errors in the CA container log for org1.
Upvotes: 0
Related Questions
- AccessException: composer network ping does not generate certificates
- Hyperledger fabric: fabric-ca request register failed with errors [[{"code":20,"message":"Authorization failure"}]]
- Authorization failure while issuing identity hyperledger composer
- Error: failed to request identity. Error trying to enroll user and return certificates
- Unable to issue identity in Hyperledger Composer
- Hyperledger Composer Error Identity has not been registered once issued
- Hyperledger Composer: Error: failed to request identity. Error trying to enroll user and return certificates
- hyperledger tls certificate not trusted
- composer identity issue Authorization failure error hyperldeger composer v0.15.0
- Could not obtain certification chain, err The supplied identity is not valid , Verify() returned x509: certificate has expired or is not yet valid