haggis

Reputation: 417

Channel creation fails due to nonexistent setting orderer.tls.clientKey.file

I'm trying to create a channel with a CLI container in Kubernetes. However, it fails with the following error message:
Error: failed to create deliver client for orderer: failed to load config for OrdererClient: unable to load orderer.tls.clientKey.file: open : no such file or directory
command terminated with exit code 1

I searched everywhere for an orderer.tls.clientKey.file setting, without success.

Question: Where should this setting be located?
I already tried it as an environment variable at the CLI and at the orderer; I also introduced a new orderer section within the peer's core.yaml file. Everything failed.

TLS, client authentication, NodeOUs are enabled (if that matters somehow).
HLF Version 2.1

Channel creation command:

export CORE_PEER_MSPCONFIGPATH=/config/admin/msp
peer channel create -c channel1 -f /config/peer/channel1.tx -o org1-orderer:30011 --outputBlock /channels/channel1.block --clientauth --tls --cafile /config/peer/tls-msp/tlscacerts/ca-cert.pem

CLI env vars:

env:
  - name: FABRIC_LOGGING_SPEC
    value: grpc=debug
  - name: CORE_PEER_ID
    value: org1-cli
  - name: CORE_PEER_ADDRESS
    value: org1-peer1:30151
  - name: CORE_PEER_LOCALMSPID
    value: Org1MSP
  - name: CORE_PEER_TLS_ENABLED
    value: "true"
  - name: CORE_PEER_TLS_ROOTCERT_FILE
    value: /config/peer/tls-msp/tlscacert/ca-cert.pem
  - name: CORE_PEER_TLS_CLIENTAUTHREQUIRED
    value: "true"
  - name: CORE_PEER_TLS_CLIENTCERT_FILE
    value: /config/peer/tls-msp/signcerts/cert.pem
  - name: CORE_PEER_TLS_CLIENTKEY_FILE
    value: /config/peer/tls-msp/keystore/key.pem
  - name: CORE_PEER_MSPCONFIGPATH
    value: /config/peer/msp

Upvotes: 0

Views: 202

Answers (1)

Rob Murgai

Reputation: 279

I am assuming you want mutual TLS, as in server and client authentication. If that is the case, then (I think) you need the key file containing the PEM-encoded private key to use for mutual TLS communication with the orderer endpoint in two places: in the CLI environment variables, like you have, and in the create channel command itself.

  • Try --keyfile <Path to file containing PEM-encoded private key> in the CLI command.

Upvotes: 2
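
A preflight check for the suggestion above, as an added example that is not part of the original question or answer: it inspects the arguments meant for `peer channel create` and reports when `--clientauth` is given without a usable `--keyfile`, `--certfile` or `--cafile`. `--certfile` is the peer CLI's companion flag for the client certificate and is not mentioned in the answer; the function name `check_mtls_args` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original posts: preflight for the mutual-TLS
# flags of `peer channel create`. check_mtls_args is a hypothetical helper.
# It prints one line per problem and returns 1 if any problem was found.
check_mtls_args() (
    clientauth=0; problems=0
    keyfile=; certfile=; cafile=
    while [ $# -gt 0 ]; do
        case "$1" in
            --clientauth) clientauth=1 ;;
            --keyfile|--certfile|--cafile)
                # Value-taking flags: remember the path that follows.
                [ $# -ge 2 ] || { printf '%s\n' "$1: missing path argument"; exit 1; }
                case "$1" in
                    --keyfile)  keyfile=$2 ;;
                    --certfile) certfile=$2 ;;
                    --cafile)   cafile=$2 ;;
                esac
                shift ;;
        esac
        shift
    done

    report() { printf '%s\n' "$1"; problems=1; }

    # The checks below only apply when --clientauth is given.
    [ "$clientauth" -eq 1 ] || exit 0

    # An unset flag leaves the path empty, which matches the "open : no such
    # file or directory" in the question (nothing between "open" and ":").
    for pair in "--keyfile:$keyfile" "--certfile:$certfile" "--cafile:$cafile"; do
        flag=${pair%%:*}; path=${pair#*:}
        if [ -z "$path" ]; then
            report "$flag: not set"
        elif [ ! -f "$path" ] || [ ! -r "$path" ]; then
            report "$flag: $path is missing or unreadable"
        fi
    done

    # --keyfile must hold a PEM-encoded private key, not the certificate.
    if [ -n "$keyfile" ] && [ -f "$keyfile" ] && [ -r "$keyfile" ] &&
       ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$keyfile"; then
        report "--keyfile: $keyfile has no PEM private key header"
    fi
    exit "$problems"
)
```

Call it with the same arguments intended for `peer channel create`, for instance with `--keyfile` and `--certfile` pointing at the paths already set in `CORE_PEER_TLS_CLIENTKEY_FILE` and `CORE_PEER_TLS_CLIENTCERT_FILE`, and run the real command only if it returns 0.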