Hyperledger Fabric ECDSA verification failure" while trying to verify candidate authority certificate

Question

I am in the process of upgrading Hyperledger network from 1.4.9 to 2.2.10. As some people said that try to first create new 2.2.X peer from scratch and make these peer join the channel. I have two organisations in my network and i have generated crypto material for both organisations and build up both peer/couchdb respectively. I also checked if peers are up and running correctly by performing the command peer channel list and the output was no channel as expected. I then fetch genesis block of the channel I need my new peers to join and using that block I ran the command of peer channel join -b {channel-name}_0.block and 1st organisation peer joined the channel and started recommitting the blocks whereas my 2nd organisation is unable to connect to the orderer (context deadline exceeded) and for orderer I am getting logs such as

2023-04-07 10:55:42.628 UTC [core.comm] ServerHandshake -> ERRO 552b Server TLS handshake failed in 1.71185ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca-{org2name}2") server=Orderer remoteaddress=10.0.0.2:47382

I have created this new peer using the 2nd Org CA so it is representing the correct name in CN of the certificates. Any help would be appreciated, Thank you (edited)

I have tried hosting it on different servers. I have created admins/peer/user certificates through Fabric-ca shell and facing the same error.

Answer 1

Check if CORE_PEER_TLS_ROOTCERT_FILE is correctly pointing to the authority certificate (tls cert)

For example

export CORE_PEER_TLS_ROOTCERT_FILE=/mypath/organizations/peerOrganizations/org0.example.ma/msp/tlscacerts/ca.crt