0
votes

I have the queries below regarding client/user identities created by the enrollment process for a nodejs client. When I try to enroll identities, fabric-ca issues certificates for that particular user. The certificate issued to that client has the properties below.

Certificate Information:

  • Common Name: admin
  • Organization Unit: client
  • Valid From: May 6, 2020
  • Valid To: May 6, 2021
  • Issuer: fabric-ca-server, Hyperledger

Now when I try to use the same identity to install and instantiate chaincode or interact with the fabric runtime via TestAPI, it throws the error below:

2020-05-05 18:35:06.670 UTC [protoutils] ValidateProposalMessage -> WARN 0e4 channel [ichannel]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority

I have created crypto certificates for all organizations using the cryptogen tool. These certificates have been issued by the certificate authority defined in the network-config.yaml file. I suspect that the difference in the certificate issuer is causing the identity issue. Please let me know if my understanding is correct.

If yes, then how can I ensure that these nodejs client certificates are being used by the same certificate authority defined in the network-config.yaml file?

1
Try fetching a channel config block from the CLI container. What I feel is, the channel does not have information about the root certificates or the TLS root certificates of the issuer of the client identities. If it has that information filled in, those root certificates do not match the issuer identity of the client certificates. - Chintan Rajvir
Some gap exists which is causing the above issue. I will try these steps. - RAJ SINGH
I was able to figure out the reason behind this issue. Correct identities were not picked dynamically from /etc/hyperledger/fabric-ca-server-config location due to which Fabric CA was issuing identities being enrolled instead of the Certificate Authorities of respective organizations. - RAJ SINGH
You can define path to root certificate and key in fabric-ca-server-config.yaml file to override the defaults. - Chintan Rajvir
Yes, I did update root cert and key file paths again post regenerating crypto configs. - RAJ SINGH

1 Answer

0
votes

I was able to resolve this issue by updating the Certificate Authorities' environment variables inside the docker-compose file. Earlier they were not getting picked up from the /etc/hyperledger/fabric-ca-server-config/ location. I updated the paths for the environment variables below for all Certificate Authorities before regenerating crypto configurations and restarting the whole network:

  • FABRIC_CA_SERVER_CA_KEYFILE
  • FABRIC_CA_SERVER_CA_CERTFILE

Note: TLS configs were disabled inside the network.

This has worked for me.
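
The issuer mismatch described in this thread can be checked directly with openssl. The script below is an added example, not part of the original question or answer: it builds two throwaway CAs (one standing in for the organization CA created by cryptogen, one for a self-generated root with the issuer name fabric-ca-server seen in the question) and shows which client certificate chains to the organization CA. All file names and the CA name ca.org1.example.com are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, certificate and name here is throwaway sample data.
# RSA keys are used only to keep the demo portable; the chain check is the same for any key type.
set -eu

# make_ca DIR CN: create a self-signed root CA (ca.key, ca.pem) in DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR OUT CN: issue OUT.pem for CN, signed by the CA in CADIR.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/OU=client/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# chains_to CACERT CERT: succeed only if CERT validates against CACERT.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: reproduce the good and the mismatched enrollment side by side.
demo() {
  DEMO_DIR=$(mktemp -d)
  mkdir "$DEMO_DIR/org" "$DEMO_DIR/default"
  make_ca "$DEMO_DIR/org" "ca.org1.example.com"   # stand-in for the cryptogen org CA
  make_ca "$DEMO_DIR/default" "fabric-ca-server"  # stand-in for a self-generated CA root
  issue_cert "$DEMO_DIR/org" "$DEMO_DIR/good" admin
  issue_cert "$DEMO_DIR/default" "$DEMO_DIR/bad" admin
  for c in good bad; do
    openssl x509 -in "$DEMO_DIR/$c.pem" -noout -issuer
    if chains_to "$DEMO_DIR/org/ca.pem" "$DEMO_DIR/$c.pem"; then
      echo "$c: chains to the org CA"
    else
      echo "$c: signed by unknown authority"
    fi
  done
}

demo
```

On a real network, the same `chains_to` check can be run with the CA certificate from the organization MSP's cacerts directory and the certificate returned by enrollment.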