I am using a java sdk and getting an error while initializing a channel.
Channel mychannel = fabClient.getInstance().newChannel(Config.CHANNEL_NAME); Orderer orderer = fabClient.getInstance().newOrderer(Config.ORDERER_NAME, Config.ORDERER_URL); Peer peer0_org1 = fabClient.getInstance().newPeer(Config.ORG1_PEER_0, Config.ORG1_PEER_0_URL); Peer peer1_org1 = fabClient.getInstance().newPeer(Config.ORG1_PEER_1, Config.ORG1_PEER_1_URL); mychannel.addOrderer(orderer); mychannel.addPeer(peer0_org1); mychannel.addPeer(peer1_org1); mychannel.initialize();
I am getting the following error.
ERROR Channel - Sending proposal to peer0.org1.example.com failed because of: gRPC failure=Status{code=UNKNOWN, description=access denied: channel [mychannel] creator org [Org1MSP], cause=null} java.lang.Exception: io.grpc.StatusRuntimeException: UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
Caused by: org.hyperledger.fabric.sdk.exception.TransactionException: org.hyperledger.fabric.sdk.exception.ProposalException: getConfigBlock for channel mychannel failed with peer peer1.org1.example.com. Status FAILURE, details: Sending proposal to peer1.org1.example.com failed because of: gRPC failure=Status{code=UNKNOWN, description=access denied: channel [mychannel] creator org [Org1MSP], cause=null}
This indicates that the signing CA certificate used by the Fabric CA Server to issue certificates does not match a certificate in the cacerts or intermediatecerts folder of the MSP used to make authorization checks.
The MSP which is used to make authorization checks depends on which operation you were performing when the error occurred. For example, if you were trying to install chaincode on a peer, the local MSP on the file system of the peer is used; otherwise, if you were performing some channel specific operation such as instantiating chaincode on a specific channel, the MSP in the genesis block or the most recent configuration block of the channel is used.
This can happen for multiple reasons including:
- You used cryptogen to generate your key material but did not start fabric-ca-server with the signing key and certificate generated by cryptogen.
- Stop fabric-ca-server.
- Copy crypto-config/peerOrganizations//ca/*pem to $FABRIC_CA_SERVER_HOME/ca-cert.pem.
- Copy crypto-config/peerOrganizations//ca/*_sk to $FABRIC_CA_SERVER_HOME/msp/keystore/.
- Start fabric-ca-server.
- Delete any previously issued enrollment certificates and get new certificates by enrolling again.
- You deleted and recreated the CA signing key and certificate used by the Fabric CA Server after generating the genesis block. This can happen if the Fabric CA Server is running in a docker container, the container was restarted, and its home directory is not on a volume mount. In this case, the Fabric CA Server will create a new CA signing key and certificate.
