MOHANRAJ PB

Reputation: 1

Hyperledger: Certificate Issue while bootstrapping the network

Receiving an error while bootstrapping the network - panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority. This error is specific to the TLS CA root certificate (crypto/ca-cert of TLSCA). Am I missing anything here? I followed the Fabric CA Operations Guide to implement the network in a multi-host environment.

Docker log-

2020-07-07 01:48:45.066 UTC [localconfig] completeInitialization -> WARN 001 General.GenesisFile should be replaced by General.BootstrapFile
2020-07-07 01:48:45.066 UTC [localconfig] completeInitialization -> INFO 002 Kafka.Version unset, setting to 0.10.2.0
2020-07-07 01:48:45.066 UTC [orderer.common.server] prettyPrintStruct -> INFO 003 Orderer config values:
    General.ListenAddress = "0.0.0.0"
    General.ListenPort = 7050
    General.TLS.Enabled = true
    General.TLS.PrivateKey = "/etc/hyperledger/ordererorg/ord1/tls-msp/keystore/key.pem"
    General.TLS.Certificate = "/etc/hyperledger/ordererorg/ord1/tls-msp/signcerts/cert.pem"
    General.TLS.RootCAs = [/etc/hyperledger/ordererorg/ord1/tls-msp/tlscacerts/tls-ca-tls-cvs-org-7054.pem]
    General.TLS.ClientAuthRequired = false
    General.TLS.ClientRootCAs = []
    General.Cluster.ListenAddress = ""
    General.Cluster.ListenPort = 0
    General.Cluster.ServerCertificate = ""
    General.Cluster.ServerPrivateKey = ""
    General.Cluster.ClientCertificate = "/etc/hyperledger/ordererorg/ord1/tls-msp/signcerts/cert.pem"
    General.Cluster.ClientPrivateKey = "/etc/hyperledger/ordererorg/ord1/tls-msp/keystore/key.pem"
    General.Cluster.RootCAs = [/etc/hyperledger/ordererorg/ord1/tls-msp/tlscacerts/tls-ca-tls-cvs-org-7054.pem]
    General.Cluster.DialTimeout = 5s
    General.Cluster.RPCTimeout = 7s
    General.Cluster.ReplicationBufferSize = 20971520
    General.Cluster.ReplicationPullTimeout = 5s
    General.Cluster.ReplicationRetryTimeout = 5s
    General.Cluster.ReplicationBackgroundRefreshInterval = 5m0s
    General.Cluster.ReplicationMaxRetries = 12
    General.Cluster.SendBufferSize = 10
    General.Cluster.CertExpirationWarningThreshold = 168h0m0s
    General.Cluster.TLSHandshakeTimeShift = 0s
    General.Keepalive.ServerMinInterval = 1m0s
    General.Keepalive.ServerInterval = 2h0m0s
    General.Keepalive.ServerTimeout = 20s
    General.ConnectionTimeout = 0s
    General.GenesisMethod = "file"
    General.GenesisFile = "/etc/hyperledger/ordererorg/ord1/genesis.block"
    General.BootstrapMethod = "file"
    General.BootstrapFile = "/etc/hyperledger/ordererorg/ord1/genesis.block"
    General.Profile.Enabled = false
    General.Profile.Address = "0.0.0.0:6060"
    General.LocalMSPDir = "/etc/hyperledger/ordererorg/ord1/msp"
    General.LocalMSPID = "OrdererMSP"
    General.BCCSP.ProviderName = "SW"
    General.BCCSP.SwOpts.SecLevel = 256
    General.BCCSP.SwOpts.HashFamily = "SHA2"
    General.BCCSP.SwOpts.Ephemeral = true
    General.BCCSP.SwOpts.FileKeystore.KeyStorePath = ""
    General.BCCSP.SwOpts.DummyKeystore =
    General.BCCSP.SwOpts.InmemKeystore =
    General.Authentication.TimeWindow = 15m0s
    General.Authentication.NoExpirationChecks = false
    FileLedger.Location = "/var/hyperledger/production/orderer"
    FileLedger.Prefix = "hyperledger-fabric-ordererledger"
    Kafka.Retry.ShortInterval = 5s
    Kafka.Retry.ShortTotal = 10m0s
    Kafka.Retry.LongInterval = 5m0s
    Kafka.Retry.LongTotal = 12h0m0s
    Kafka.Retry.NetworkTimeouts.DialTimeout = 10s
    Kafka.Retry.NetworkTimeouts.ReadTimeout = 10s
    Kafka.Retry.NetworkTimeouts.WriteTimeout = 10s
    Kafka.Retry.Metadata.RetryMax = 3
    Kafka.Retry.Metadata.RetryBackoff = 250ms
    Kafka.Retry.Producer.RetryMax = 3
    Kafka.Retry.Producer.RetryBackoff = 100ms
    Kafka.Retry.Consumer.RetryBackoff = 2s
    Kafka.Verbose = true
    Kafka.Version = 0.10.2.0
    Kafka.TLS.Enabled = false
    Kafka.TLS.PrivateKey = ""
    Kafka.TLS.Certificate = ""
    Kafka.TLS.RootCAs = []
    Kafka.TLS.ClientAuthRequired = false
    Kafka.TLS.ClientRootCAs = []
    Kafka.SASLPlain.Enabled = false
    Kafka.SASLPlain.User = ""
    Kafka.SASLPlain.Password = ""
    Kafka.Topic.ReplicationFactor = 1
    Debug.BroadcastTraceDir = "data/logs"
    Debug.DeliverTraceDir = ""
    Consensus = map[SnapDir:/var/hyperledger/production/orderer/etcdraft/snapshot WALDir:/var/hyperledger/production/orderer/etcdraft/wal]
    Operations.ListenAddress = "127.0.0.1:8443"
    Operations.TLS.Enabled = false
    Operations.TLS.PrivateKey = ""
    Operations.TLS.Certificate = ""
    Operations.TLS.RootCAs = []
    Operations.TLS.ClientAuthRequired = false
    Operations.TLS.ClientRootCAs = []
    Metrics.Provider = "disabled"
    Metrics.Statsd.Network = "udp"
    Metrics.Statsd.Address = "127.0.0.1:8125"
    Metrics.Statsd.WriteInterval = 30s
    Metrics.Statsd.Prefix = ""
2020-07-07 01:48:45.078 UTC [orderer.common.server] initializeServerConfig -> INFO 004 Starting orderer with TLS enabled
2020-07-07 01:48:45.088 UTC [fsblkstorage] NewProvider -> INFO 005 Creating new file ledger directory at /var/hyperledger/production/orderer/chains
2020-07-07 01:48:45.092 UTC [orderer.common.server] Main -> PANI 006 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority

goroutine 1 [running]:
github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0001c8580, 0x0, 0x0, 0x0)
    /go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:230 +0x545
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc0001ae310, 0x1191704, 0x100c164, 0x25, 0xc00033f910, 0x1, 0x1, 0x0, 0x0, 0x0)
    /go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0x100
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(...)
    /go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(...)
    /go/src/github.com/hyperledger/fabric/common/flogging/zap.go:74
github.com/hyperledger/fabric/orderer/common/server.Main()
    /go/src/github.com/hyperledger/fabric/orderer/common/server/main.go:130 +0x1354
main.main()
    /go/src/github.com/hyperledger/fabric/cmd/orderer/main.go:15 +0x20

configtx.yaml -

---
Organizations:
    - &OrdererMSP
        Name: OrdererMSP
        ID: OrdererMSP
        MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/orderer.cvs.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
        OrdererEndpoints:
            - ord1.ordererorg.cvs.org:7050
            - ord2.ordererorg.cvs.org:7050
            - ord3.ordererorg.cvs.org:7050
    - &TestOrg1MSP
        Name: TestOrg1MSP
        ID: TestOrg1MSP
        MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg1.cvs.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('TestOrg1MSP.admin', 'TestOrg1MSP.peer', 'TestOrg1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('TestOrg1MSP.admin', 'TestOrg1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('TestOrg1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('TestOrg1MSP.peer')"
        AnchorPeers:
            - Host: peer1.TestOrg1.cvs.org
              Port: 7051
    - &TestOrg2MSP
        Name: TestOrg2MSP
        ID: TestOrg2MSP
        MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg2.cvs.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('TestOrg2MSP.admin', 'TestOrg2MSP.peer', 'TestOrg2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('TestOrg2MSP.admin', 'TestOrg2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('TestOrg2MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('TestOrg2MSP.peer')"
        AnchorPeers:
            - Host: peer1.TestOrg2.cvs.org
              Port: 7051
    - &TestOrg3MSP
        Name: TestOrg3MSP
        ID: TestOrg3MSP
        MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg3.cvs.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('TestOrg3MSP.admin', 'TestOrg3MSP.peer', 'TestOrg3MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('TestOrg3MSP.admin', 'TestOrg3MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('TestOrg3MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('TestOrg3MSP.peer')"
        AnchorPeers:
            - Host: peer1.TestOrg3.cvs.org
              Port: 7051
Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true
    Orderer: &OrdererCapabilities
        V2_0: true
    Application: &ApplicationCapabilities
        V2_0: true
Application: &ApplicationDefaults
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    EtcdRaft:
        Consenters:
        - Host: ord1.ordererorg.cvs.org
          Port: 7050
          ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord1.ordererorg.cvs.org/cert.pem
          ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord1.ordererorg.cvs.org/cert.pem
        - Host: ord2.ordererorg.cvs.org
          Port: 7050
          ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord2.ordererorg.cvs.org/cert.pem
          ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord2.ordererorg.cvs.org/cert.pem
        - Host: ord3.ordererorg.cvs.org
          Port: 7050
          ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord3.ordererorg.cvs.org/cert.pem
          ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord3.ordererorg.cvs.org/cert.pem
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
Profiles:
    ThreeOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *TestOrg1MSP
                - *TestOrg2MSP
                - *TestOrg3MSP
            Capabilities:
                <<: *ApplicationCapabilities
    SampleMultiNodeEtcdRaft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            Addresses:
                - ord1.ordererorg.cvs.org:7050
                - ord2.ordererorg.cvs.org:7050
                - ord3.ordererorg.cvs.org:7050
            Organizations:
            - *OrdererMSP
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
            - <<: *OrdererMSP
        Consortiums:
            SampleConsortium:
                Organizations:
                - *TestOrg1MSP
                - *TestOrg2MSP
                - *TestOrg3MSP
                     
    channel1:
        <<: *ChannelDefaults
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *TestOrg1MSP
                - *TestOrg2MSP
            Capabilities:
                <<: *ApplicationCapabilities
                
    channel2:
        <<: *ChannelDefaults
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *TestOrg2MSP
                - *TestOrg3MSP
            Capabilities:
                <<: *ApplicationCapabilities

Upvotes: 0

Views: 622

Answers (1)

Bibek Poudel

Reputation: 116

I cannot say much without looking at your code. But it looks like you have either invalid or expired certificates (crypto materials). You need to make sure that you are using the same crypto materials for Generating Genesis Block, Creating Channel, and for the Orderer. Try regenerating the crypto materials and see if it works.

Upvotes: 0
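The "x509: certificate signed by unknown authority" text in the log comes from Go's crypto/x509 when a certificate does not chain to any CA in the pool it is checked against. The following is an added example, not code from the original post or from Fabric: it reproduces that outcome with constructed in-memory certificates by checking one admin certificate against its own organization CA and against an unrelated TLS CA. The helper names `issue` and `CheckChain` and all certificate names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// CheckChain returns nil only if the certificate in certPEM chains to a CA in caPEM.
func CheckChain(certPEM, caPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	pool := x509.NewCertPool()
	if block == nil || !pool.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("missing or unparsable PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	return err
}

func main() {
	ca, caKey, orgCA := issue("constructed-org-ca", nil, nil)
	_, _, tlsCA := issue("constructed-tls-ca", nil, nil)
	_, _, admin := issue("constructed-admin", ca, caKey)
	fmt.Println("vs org CA:", CheckChain(admin, orgCA))
	fmt.Println("vs TLS CA:", CheckChain(admin, tlsCA))
}
```

To check real material, read the PEM files from the MSP directory named in configtx.yaml (for example a signcerts or admincerts certificate and the cacerts bundle) and pass their bytes to `CheckChain` before generating the genesis block.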
