Reputation: 708
Finding private key and certificate fails for FABRIC-CA
I was able to successfully run through "Build Your First Network" tutorial. Next, I've started following the tutorial "Write Your First Application". I'm using release 1.1. Here, when I'm issuing the ./startFabric.sh node command, it is able to spin up all the docker containers except the FABRIC_CA.
On checking the logs I found that it is not able to find the matching private for the certificate specified. To give it a try, I regenerated the certificates, genesis block and channel transaction again. I specified these newly generated certificate file and the key file in the services section for CA in the "docker-compose.yml" file.
Steps that I've followed till now:
- Killed the stale/active containers using:
docker rm -f $(docker ps -aq) - Cleared the cached network using:
docker network prune. - Installed the node packages.
- Supplied the command:
startFabric.sh node. - Name of my CA container is "ca.example.com". So tried streaming the CA logs using:
docker logs -f ca.example.com
The last step spits out the following error:
Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem': Could not find matching private key for SKI: Failed getting key for SKI [[121 3 161 188 208 43 162 82 194 238 60 39 201 202 175 48 142 53 142 226 34 112 214 8 95 124 86 11 87 93 41 229]]: Key with SKI 7903a1bcd02ba252c2ee3c27c9caaf308e358ee22270d6085f7c560b575d29e5 not found in /etc/hyperledger/fabric-ca-server/msp/keystore
Am I missing out on any step?
P.S. Similar question is asked a few days ago but remains unanswered due to lack of information. Link: CA stack service failed to start.
Upvotes: 2
Views: 2141
Answers (2)
Reputation: 1088
It seems that ca.org1.example.com-cert.pem cannot correctly mounted on Fabric-ca container. Two recommend that you should try to fix it.
- carefully check the docker-compose.yaml file that you mentioned above about ca volumes and environments configuration. Trace the source path of the ca key if you can.
- Remember to replace the FABRIC_CA_SERVER_CA_KEYFILE parameter at
envandcommandin yaml if you regenerate the certification.
Upvotes: 2
Reputation: 1276
remove fabric-samples and clone from https://github.com/hyperledger/fabric-samples works for me
Upvotes: 0
Related Questions
- Hyperledger Fabric CA Authorization failure
- Hyperledger fabric Private key using Fabric-CA -server
- hyperledger fabric : Could not find matching private key for SKI
- Error: PEM encoded certificate is required
- How to generate tls certificate and keys with fabric-ca
- Error while Initializating Fabric-CA server
- PEM encoded certificate is required
- Failed Error: Private key missing from key store. Can not establish the signing identity for user admin
- Fabric-Ca server setup issue
- Hyperledger fabric ca V1 . fabric-ca-client error