Riki95

Reputation: 726

Cannot operate with Node SDK + Mutual TLS on my network

I had my network with 1 cli, 1 ca, 1 orderer, 2 peers. I had to move to 3 orderers and I read that I need to implement TLS to let them communicate. I am using Hyperledger 1.4.3 and Node SDK 1.4.4.

Now my peers, cli, ca and orderers have TLS and everything seems to be working, since I've installed and instantiated chaincode and also invoked the chaincode from the cli, using --tls when necessary. Raft orderers correctly elect the leader, peers communicate by gossip, etc. So, from the pov of the network, everything seems fine.

Now I need to update my Node SDK app, which is very similar to the one provided by fabric-samples. I used to enroll the admin, the user, and then connect to the network with:

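const { Gateway } = require('fabric-network');
// Connect as 'user1' from the wallet, with service discovery disabled
const gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: 'user1', discovery: { enabled: false } });
const network = await gateway.getNetwork(channelName);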

Thanks to network, I used to invoke the contract and make calls. This is no longer working since I am using TLS.

I read that I need to modify the connection profile, which now has "tlsCACerts" inside peers and certificate authorities, since I am only interested in releasing certificates for an admin-user and next making a query on a peer. The tls cert for the peer points to peerOrganization/ORGNAME/peers/PEERNAME/tls/ca.crt while the tls cert for the CA points to peerOrganization/ORGNAME/tlsca/ca.crt. In enrollAdmin and registerUser, when I use the ca.enroll() function, I've also added profile: 'tls' as an option.

Anyways, I cannot do the query because when I call the getNetwork the answer on the debug console is:

Unabled to initialize channel. Attempted to contact 1 Peers. Last error was Error: 2 UNKNOWN: access denied: channel [CHANNELNAME] creator org [ORGMSP].

I checked inside the peer1, that I am contacting, and I see

channel [CHANNELNAME]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority

I am stuck here, any help would be appreciated.

Upvotes: 1

Views: 93

Answers (1)

Narendranath Reddy

Reputation: 4133

TLS means the client requests the server to send its certificate and the client verifies it. Mutual TLS means both client and server need to share certificates with each other, and both verify each other.

So if you turned on mutual TLS, then the client must also send its certificate.

Please follow the detailed instructions in the HLF Node SDK tutorial:

https://fabric-sdk-node.github.io/tutorial-mutual-tls.html

Upvotes: 1
