1174
Reputation: 131
Docker network, No targets have presented acceptable certificates
I moved from runnodes to docker-compose with party[a/b] and notary node. One use case which was working with runnodes does not work anymore, obviously it must be related to the new network setup. I tried to download the tools but most download links don't work. Can anyone give me a hint please what I can do? A rest-server calls party-a via rpc, it throws an error though after a while like this:
api-gateway | D 17:47:23 71 RPCClientProxyHandler.artemisMessageHandler - Got message from RPC server Observation(id=99f3bc35-10ec-4b0f-8fa2-15156fec43e4, timestamp: 2019-06-25T17:47:15.587Z, entityType: Invocation, content=[rx.Notification@66fc17ad OnNext [(0, Starting), (0, Generating transaction.), (0, Verifying contract constraints.), (0, Signing transaction with our private key.), (1, Collecting signatures from counterparties.), (1, Verifying collected signatures.), (0, Gathering the counterparty's signature.), (1, Collecting signatures from counterparties.), (1, Verifying collected signatures.), (0, Obtaining notary signature and recording transaction.), (1, Requesting signature by notary service), (2, Requesting signature by Notary service), (2, Validating response from Notary service), (1, Broadcasting transaction to participants), (0, Done)]], deduplicationIdentity=fb9d4547-bd57-4b50-81e0-a6a01077b4a2)
party-a | [ERROR] 17:47:25+0000 [nioEventLoopGroup-2-1] netty.AMQPChannelHandler.invoke - Provided certificate subject O=PartyA, L=London, C=GB not in expected set [O=Notary, L=London, C=GB] {allowedRemoteLegalNames=O=Notary, L=London, C=GB, localCert=O=PartyA, L=London, C=GB, remoteAddress=localhost/127.0.0.1:10002, remoteCert=O=PartyA, L=London, C=GB, serverMode=false}
party-a | [ERROR] 17:47:25+0000 [nioEventLoopGroup-2-1] netty.AMQPClient.invoke - Blocking future connection attempts to localhost:10002 due to bad certificate on endpoint
party-a | [ERROR] 17:47:26+0000 [nioEventLoopGroup-2-2] netty.AMQPClient.nextTarget - No targets have presented acceptable certificates for [O=Notary, L=London, C=GB]. Halting retries
Docker Compose:
version: '3'
services:
notary:
depends_on:
- "party-a"
container_name: notary
image: notary
build: build/nodes/Notary
party-a:
container_name: party-a
image: party-a
build: build/nodes/PartyA
party-b:
depends_on:
- "party-a"
container_name: party-b
image: party-b
build: build/nodes/PartyB
api-gateway:
depends_on:
- "notary"
container_name: api-gateway
image: api-gateway
build: server/
ports:
- 8080:8080
Deploy nodes:
task deployNodes(type: net.corda.plugins.Dockerform, dependsOn: ['jar']) {
nodeDefaults {
cordapp project(':contracts')
cordapp project(':workflows')
}
node {
name "O=Notary,L=London,C=GB"
rpcUsers = rpcUsersList
notary = [validating: false]
useTestClock true
p2pAddress "localhost:10002"
rpcSettings {
address("0.0.0.0:10003")
adminAddress("0.0.0.0:10004")
}
}
node {
name "O=PartyA,L=London,C=GB"
rpcUsers = [[user: "user1", "password": "test", "permissions": ["ALL"]]]
useTestClock true
p2pAddress "localhost:10002"
rpcSettings {
address("0.0.0.0:10003")
adminAddress("0.0.0.0:10004")
}
}
node {
name "O=PartyB,L=New York,C=US"
rpcUsers = rpcUsersList
useTestClock true
p2pAddress "localhost:10002"
rpcSettings {
address("0.0.0.0:10003")
adminAddress("0.0.0.0:10004")
}
}
new File('build/nodes').mkdir()
new File('build/nodes/docker-compose.yml')
}
API gateway connecting to Party A:
FROM java:8
ADD build/libs/server-0.1.jar server-0.1.jar
ENV JPDA_ADDRESS="8000"
ENV JPDA_TRANSPORT="dt_socket"
ENTRYPOINT ["java", \
"-jar", \
"server-0.1.jar", \
"--config.rpc.host=party-a", \
"--config.rpc.port=10003", \
"--config.rpc.username=user1", \
"--config.rpc.password=test"]
Upvotes: 0
Views: 304
Answers (1)
Chris Chabot
Reputation: 274
You will want to replace the localhost part with the docket network's IP addresses: https://docs.docker.com/v17.09/engine/userguide/networking/#default-networks
Also make sure to expose the right ports on each container so that they can be accessed by the other containers: https://docs.docker.com/compose/networking/
I suspect that the error you're getting is because PartyA is connecting to it's self, and not to the container that's running the notary node
Upvotes: 2
Related Questions
- Docker: Could not read CA certificate: no such file or directory
- Docker CE for Windows - SSL connection could not be established. remote certificate is invalid according to the validation procedure
- Error response from daemon: Get https://192.168.1.5/v2/: x509: certificate signed by unknown authority
- Docker Build Error https://registry-1.docker.io/v2/: x509: certificate is valid
- Running Corda 3.3 in Docker
- Need help setting up a dev/test Corda Network with docker
- Your connection is not private (this certificate can't be verified up to a trusted verification authority)
- Corda 3.3 nodes do not interact in docker network (yo-cordapp)
- Error in dockers when using network builder to start up
- docker error: x509: certificate signed by unknown authority