hyperledger-fabric - Cannot start the orderer with CA files generated by the CA server in Fabric

Tags: hyperledger-fabric hyperledger-fabric-ca

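I started the CA server using the test code in fabric-ca-sdk (fabric-sdk-java/fabric-sdk-java/src/test/fixture/sdkintegration), then used the Fabric SDK to register the orderer and got the .ca files from the response. Then I put the CA files into the first-network demo and used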

docker-compose -f docker-compose-cli.yaml up -d

to start the orderer, but it failed, and the log is:

Failed to initialize local MSP: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.example.com")

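I checked the pem file generated by the CA server with openssl, and there is no problem with it. If you know the cause, please help me with this problem. Thank you very much. The ca.example.com-cer.pem file information is as follows: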

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        03:b1:1d:83:1e:86:57:f6:8f:0c:e1:d1:e9:84:14:0d
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Feb 25 12:43:29 2018 GMT
        Not After : Feb 23 12:43:29 2028 GMT
    Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:8f:70:81:96:e6:4c:c7:f5:c0:38:2d:4f:aa:35:
                ea:1f:00:f5:a9:cd:93:69:44:93:ac:d2:89:34:e7:
                ca:b1:73:34:3c:c3:28:3e:43:71:79:9b:a4:ce:5b:
                e2:a6:57:6d:53:cf:9f:5d:52:c0:81:a7:73:a5:d8:
                be:8e:6f:a8:3f
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
        X509v3 Extended Key Usage: 
            2.5.29.37.0
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier: 
            19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92
Signature Algorithm: ecdsa-with-SHA256
    30:44:02:20:6a:f2:74:ab:b3:2c:fe:ff:20:2d:d9:fa:b9:3a:
    54:46:43:cd:a7:f7:78:ff:a3:de:e2:7c:c0:b3:e5:6f:76:e8:
    02:20:50:47:1d:ba:50:64:a3:a0:06:fc:70:a8:bc:95:2c:08:
    5a:91:c5:e6:d2:b0:99:43:2e:52:fb:dd:e2:51:5a:d6

The orderer.example.com-cert.pem file is:

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        2c:35:e7:3e:37:73:08:80:18:66:47:df:34:63:dc:0b:f4:44:b0:c0
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Jun 20 09:02:00 2018 GMT
        Not After : Jun 20 09:07:00 2019 GMT
    Subject: OU=orderer, CN=order.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:73:48:ae:95:c5:60:fd:c3:4c:94:61:98:97:18:
                62:24:2f:bb:7e:e7:ad:02:10:15:78:12:6e:24:f2:
                2f:33:8f:24:db:16:25:c7:9f:94:a4:e3:9c:10:0d:
                11:d2:80:e9:f7:ff:e8:69:48:1a:85:65:b9:22:7e:
                0a:b2:dc:26:d5
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Subject Key Identifier: 
            F0:26:72:32:C2:24:F0:DE:9E:C5:1C:11:7D:01:BD:96:16:62:C1:0E
        X509v3 Authority Key Identifier: 
            keyid:19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92

        1.2.3.4.5.6.7.8.1: 
            {"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"order.example.com","hf.Type":"orderer"}}
Signature Algorithm: ecdsa-with-SHA256
    30:45:02:21:00:d9:87:88:6c:a0:2c:6d:80:c2:e3:6d:0f:b1:
    26:b4:5e:24:02:24:6b:42:6f:16:72:7d:f0:eb:a9:e0:28:a4:
    99:02:20:5f:4c:5b:57:28:96:55:ab:3f:55:07:1c:75:df:a7:
    49:5e:90:5d:05:7c:b2:f8:e0:79:69:9d:d4:aa:6a:60:a1

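Best answer

This happens because of previous builds.
Using docker-compose -f docker-compose-cli.yaml down does not remove the Docker volumes, and for an unknown reason Docker sometimes mounts an old volume with certificates.
So removing the volumes will help.
Run: docker volume prune
Warning: this command will delete all Docker volumes.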

Regarding hyperledger-fabric - Cannot start the orderer with CA files generated by the CA server in Fabric, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50946380/
