Hyperledger Fabric CA: http: TLS handshake error from 127.0.0.1:53356: tls: oversized record received with length 21536

Question

we have a very simple setup where we have spin up an instance of fabric-ca-server by running

/bin/bash -c "fabric-ca-server start -b admin:adminpw"

in a docker container as explained e.g., here. but when we try to enroll a user by running

root@a7094a09a3b7:/etc/hyperledger/fabric-ca-client# fabric-ca-client enroll -u http://user:userpw@localhost:7054

we get below error:

2018/12/07 21:06:17 [INFO] generating key: &{A:ecdsa S:256}
2018/12/07 21:06:17 [INFO] encoded CSR
Error: POST failure of request: POST http://localhost:7054/enroll
{"hosts":["a7094a09a3b7"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBQzCB6wIBADBfMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxEDAOBgNV\nBAMTB3NqYWluNjgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiWBUZ5vG5i9X9\nAV8fdfuxFAFsWHeg4JRpNFs/m7knB3QaDWDbbk/G53gEbgyv2scg61cYMNdLDaYK\nGi9ywX0noCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxhNzA5NGEwOWEz\nYjcwCgYIKoZIzj0EAwIDRwAwRAIgTY0gn18UIsKfOLgS33F41ORAlKNz2tZS6ip5\nXS03XNICIAE3C9nhv2d4ZrCcO+7rycWLoR6wEU6cnAqZsSf1Txz4\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}: Post http://localhost:7054/enroll: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"

and the fabric-ca-server output shows:

http: TLS handshake error from 127.0.0.1:53356: tls: oversized record received with length 21536

wondering what are we doing wrong here and how can we fix this?

Answer 1

Looks like you started the fabric-ca-server with TLS enabled and you are not using TLS with the fabric-ca-client. You need to specify https in your URL: fabric-ca-client enroll -u https://user:userpw@localhost:7054

Alternatively, disable TLS in the Fabric CA config.