我遇到了在多组织,多对等网络之上部署composer的问题 . 我的网络有两个CA,一个订单和六个对等点(每个组织两个) .
网络使用TLS,这给了我一些问题 . 当运行composer network ping -n network2 -p org1 -i user -s pass时
我收到了SSL错误; E0913 16:54:49.855499904 120141 ssl_transport_security.c:921]握手失败,出现致命错误SSL_ERROR_SSL:错误:14090086:SSL例程:ssl3_get_server_certificate:证书验证失败 .
E0913 16:54:49.864638248 120141 ssl_transport_security.c:921]握手失败并发生致命错误SSL_ERROR_SSL:错误:14090086:SSL例程:ssl3_get_server_certificate:证书验证失败 .
E0913 16:54:49.865108661 120141 ssl_transport_security.c:921]握手失败,出现致命错误SSL_ERROR_SSL:错误:14090086:SSL例程:ssl3_get_server_certificate:证书验证失败 .
E0913 16:54:49.865506771 120141 ssl_transport_security.c:921]握手失败并发生致命错误SSL_ERROR_SSL:错误:14090086:SSL例程:ssl3_get_server_certificate:证书验证失败 .
错误:尝试ping时出错 . 错误:尝试查询链码时出错 . 错误:连接失败命令失败
这是我的连接文件;
{ "type": "hlfv1", "name": "org1", "orderers": [ { "url" : "grpcs://localhost:7050", "cert" : "-----BEGIN CERTIFICATE-----removed-----END CERTIFICATE-----\n" } ], "ca": { "url": "http://localhost:7054", "name": "ca_peerOrg1", "trustedRoots": [""], "verify": true }, "peers": [ { "requestURL": "grpcs://localhost:7051", "eventURL": "grpcs://localhost:7053", "cert" : "-----BEGIN CERTIFICATE-----removed-----END CERTIFICATE-----\n" }, { "requestURL": "grpcs://localhost:8051", "eventURL": "grpcs://localhost:8053", "cert" : "-----BEGIN CERTIFICATE-----removed-----END CERTIFICATE-----\n" } ], "keyValStore": "/home/paul/.composer-credentials", "channel": "mychannel", "mspID": "Org1MSP", "timeout": "300", "globalcert": "", "maxSendSize": -1, "maxRecvSize": -1 }
cert的值与用于启动CA的.pem文件的内容相匹配(sh -c'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1 . example.com-cert.pem)
有什么想法我如何使用TLS?没有任何作曲家命令正在工作,他们都给了我相同的错误
1 回答
如果您使用cryptogen生成证书,那么您的组织将有tls文件夹,其中包含您需要放入连接配置文件的公共证书 . 用于CA配置的证书不是要使用的正确证书 .