hyperledger/fabric-ca

Unable to get Fabric Network with TLS Chain of Trust of multiple Fabric CA Servers working!

aaronbeer81 opened this issue · 2 comments

aaronbeer81 commented

Hi everybody ;)

I'm stuck! Lately I'm trying to get a Hyperledger Fabric Network with multiple Fabric-CA's building a Chain Of Trust running. I read the Docs, checked out multiple Blog Posts about this topic, tried out various of different kinds of approaches... But I just can't get my Network up and running!

The relevant part of the network looks something like this
topology

The startup of the whole CA-Hierarchy is already working. And without the ca-root and ca-intermediate though, I managed to get it all running without any problems.

The error most probably lies in the Overall Generation of the TLS-Certificates or the Usage of them in the peers & orderers.
The error that I can't get rid off happens in all peers & orderers when starting them:

peer1

/etc/hyperledger/fabric/core.yaml: OK
patching file /etc/hyperledger/fabric/core.yaml
patch unexpectedly ends in middle of line
Hunk #1 succeeded at 546 with fuzz 1.
Running: peer node start
2021-11-17 14:28:33.081 CET [main] InitCmd -> ERRO 001 Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/crypto/peer/msp: the supplied identity is not valid: x509: certificate signed by unknown authority

orderer1

2021-11-17 14:33:27.672 CET [orderer.common.server] loadLocalMSP -> PANI 004 Failed to setup local msp with config: the supplied identity is not valid: x509: certificate signed by unknown authority
panic: Failed to setup local msp with config: the supplied identity is not valid: x509: certificate signed by unknown authority

Files

The project in the state described above with all the files (including Startup-Script, Config-Files, generated certificates in their MSP Structure) are to be inspected in the following repository:

Fabric Network Project

When you want the project to run in your kubernetes namespace, you have to delete the /artifacts/crypto-config folder and then run the ./start.sh script.

I would be very pleased if someone could tell me what I have to change in my Script and Configs to get this thing working!

denyeart commented

Please reserve github issues for Fabric code issues.

For getting help, see the community help resources mentioned at:
https://hyperledger-fabric.readthedocs.io/en/latest/CONTRIBUTING.html#getting-help

wojda commented

@aaronbeer81 Have you found the solution?