fabric-ca How to generate client certfile and keyfile?

偶尔善良 submitted on 2021-02-20 04:12:08

Question


fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml

Error: POST failure [Post https://localhost:7054/enroll: x509: certificate is valid for example.com, not localhost]; not sending

fabric-ca-client-config.yaml

tls:
  enabled: true
  certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
  client:
    certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
    keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key

docker-compose.yaml

ca.org1.example.com:
  image: hyperledger/fabric-ca
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
    - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
    - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
  ports:
    - "7054:7054"
  command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
  volumes:
    - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
  container_name: ca.org1.example.com

fabric-ca-client

fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml

Error: POST failure [Post https://example.com:7054/enroll: x509: certificate signed by unknown authority]; not sending


Answer 1:


The issue here is that the TLS server certificate which the fabric-ca-server is using was issued for "example.com" and you are trying to access it as "localhost".

You can

  • disable TLS for the fabric-ca-server just to move forward
  • create a new TLS certificate for the fabric-ca-server which is valid for localhost (I believe that when fabric-ca-server auto generates the TLS cert it should be valid for localhost)
  • add an entry to your hosts file mapping "example.com" to 127.0.0.1


Source: https://stackoverflow.com/questions/48680689/fabric-ca-how-to-generate-client-certfile-and-keyfile
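Both error strings in the question are produced by Go's crypto/x509 verifier, so they can be reproduced offline to see which check each one corresponds to. The following is an added example, not code from the original post or from the Fabric CA project; the throwaway CA, the helper names `newPKI` and `verify`, and the CA name "constructed-ca" are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newPKI builds a constructed CA and a server cert whose SANs are exactly names.
func newPKI(names ...string) (ca, server *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srvT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: names[0]},
		NotBefore: from, NotAfter: to, DNSNames: names, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey))))
	return ca, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, srvT, ca, &srvKey.PublicKey, caKey))))
}

// verify checks server for host as a TLS client would; trusted stands in for tls.certfiles.
func verify(server *x509.Certificate, host string, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool() // non-nil, so the system trust store is never consulted
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, srv := newPKI("example.com")
	fmt.Println(verify(srv, "localhost", ca))   // name not in SANs: first error on the page
	fmt.Println(verify(srv, "example.com"))     // CA not trusted: second error on the page
	fmt.Println(verify(srv, "example.com", ca)) // name and CA both match: <nil>
}
```

The first failure goes away when the name in the enroll URL appears in the server certificate's SANs; the second goes away when the client's trusted CA file contains the CA that actually issued the server's TLS certificate.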
