首页 文章

如何在fabric-ca中设置tls

提问于
浏览
1

我想在fabric-ca中启用tls,所以:

step:我modyfied fabric-ca-clien-config.yaml

tls:
  # TLS section for secure socket connection
  certfiles:
       - /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  client:
    certfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
    keyfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key


fabric-ca-server start -b admin:adminpw

但是当我注册时:

export FABRIC_CA_CLIENT_HOME=/Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/clients/admin
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054

它出现

2018/09/28 13:36:33 [INFO] encoded CSR
Error: POST failure of request: POST https://localhost:7054/enroll
{"hosts":["jiangdeimac.cn.ibm.com"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBSzCB8wIBADBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxDjAMBgNV\nBAMTBWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6IAf/x032Df4byre\nGJ3dEI1ayE+8t8eyW5R/+ExvZJLk/OK7BrepO5HtHwYg3V2FkNwdB1iV2pq/yxTX\nthZIsqA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBowGIIWamlhbmdkZWltYWMu\nY24uaWJtLmNvbTAKBggqhkjOPQQDAgNHADBEAiBzNGIF1avzD9Tbkrh3Qh2E6gVN\nKlHsXiPOZTjpSVfO0wIgCkXYx0MTQseJfjdAgXZUE7dPQqEGRg2JxTOfI2PQi5c=\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}: Post https://localhost:7054/enroll: x509: certificate is valid for peer0.org1.example.com, peer0, not localhost

ca-server日志是“

2018/09/28 13:36:33 http: TLS handshake error from [::1]:57762: remote error: tls: bad certificate

所以我想知道如何使用fabric-ca设置tls?

hyperledger-fabric-ca

1 回答

  • 0

    您需要在启动时在服务器上配置TLS,实际上您已经稍微切换了客户端和服务器配置 . 启动服务器时,可以使用以下命令指定启用TLS并指定TLS证书和密钥 . 执行此命令将启动服务器,侦听安全端口 .

    fabric-ca-server start -b admin:adminpw --tls.enabled --tls.certfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt --tls.keyfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

    然后在注册时在客户端上,您需要为此TLS证书指定信任根,您可以使用 tls.certfiles 标志来执行此操作 . 这看起来像:

    fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --tls.certfiles /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

    这应该允许客户端和服务器 Build TLS连接 .

    回复于

相关问题