Comments (7)
There is information on certificate renewal and how to accomplish this when certificates have already expired here:
https://hyperledger-fabric.readthedocs.io/en/latest/certs_management.html#certificate-renewal
from fabric-ca.
Thanks for the information.
I have tried running the below:
fabric-ca-client reenroll --csr.keyrequest.reusekey --mspdir organizations/peerOrganizations/org.com/users/[email protected]/msp/keystore/ -u https://admin:adminpw@localhost:7056 --tls.certfiles /opt/docker/hyperledger/org/organizations/peerOrganizations/org.com/tlsca/tlsca.org.com-cert.pem
But I am getting the below error though my ca admin is already enrolled:
Could you please help as to what I am missing?
from fabric-ca.
Hello @bestbeforetoday ,
I have tried the below:
- Log into the Server running the CA Server
- Update the fabric-ca-client-config.yaml on /opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com with the hostname of the peer
- Run the below:
  export FABRIC_CA_CLIENT_HOME=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com
  export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/tls/ca.crt
  export MSP_DIR=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/msp
  export CA_SERVER=https://admin:[email protected]:7056
- Check fabric client identity:
  fabric-ca-client identity list -u https://admin:[email protected]:7056/ --tls.certfiles $FABRIC_CA_CLIENT_TLS_CERTFILES
- Reenroll the certificate:
  fabric-ca-client reenroll --csr.keyrequest.reusekey --caname ca-org1 --mspdir $MSP_DIR -u $CA_SERVER --tls.certfiles $FABRIC_CA_CLIENT_TLS_CERTFILES
- Copy /opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/msp/signcerts/cert.pem to the destination vm in peer directory.
- Restart Peer
Now for restart, I ran docker-compose down and then docker-compose up.
After running docker-compose up, I am facing a panic error as below now:
2023-05-24 13:05:58.870 UTC 043b WARN [lifecycle] handleMetadataUpdatesForChannel -> no metadata found on channel 'testchannel': could not get channel config for channel 'testchannel'
2023-05-24 13:05:58.870 UTC 043c DEBU [lockbasedtxmgr] invokeNamespaceListeners -> Invoking listener for state changes:lifecycle cache listener
2023-05-24 13:05:58.870 UTC 043d DEBU [cceventmgmt] HandleStateUpdates -> Channel [testchannel]: Handling state updates in LSCC namespace - stateUpdates=map[string][]*kvrwset.KVWrite{"_lifecycle":[]*kvrwset.KVWrite{(*kvrwset.KVWrite)(0xc003d534f0), (*kvrwset.KVWrite)(0xc003d53540)}}
2023-05-24 13:05:58.870 UTC 043e INFO [cceventmgmt] HandleStateUpdates -> Channel [testchannel]: Handling deploy or update of chaincode [msgchaincode-exp-llp]
2023-05-24 13:05:58.870 UTC 043f DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 0440 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 0441 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 0442 DEBU [cceventmgmt] HandleChaincodeDeploy -> Channel [testchannel]: Handling chaincode deploy event for chaincode [[]]
2023-05-24 13:05:58.871 UTC 0443 DEBU [lockbasedtxmgr] invokeNamespaceListeners -> Invoking listener for state changes:lscc state listener
2023-05-24 13:05:58.871 UTC 0444 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 0445 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Sequence
2023-05-24 13:05:58.871 UTC 0446 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 0447 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/ValidationInfo
2023-05-24 13:05:58.871 UTC 0448 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 0449 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 044a DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 044b DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 044c INFO [gossip.gossip] Stop -> Stopping gossip
2023-05-24 13:05:58.871 UTC 044d DEBU [gossip.gossip] handlePresumedDead -> Exiting
2023-05-24 13:05:58.871 UTC 044e DEBU [gossip.gossip] acceptMessages -> Exiting
2023-05-24 13:05:58.871 UTC 044f DEBU [gossip.discovery] handleMessages -> Stopped
2023-05-24 13:05:58.871 UTC 0450 INFO [gossip.discovery] Stop -> Stopping
2023-05-24 13:05:58.871 UTC 0451 INFO [gossip.discovery] Stop -> Stopped
2023-05-24 13:05:58.871 UTC 0452 DEBU [gossip.discovery] handleEvents -> Stopped
2023-05-24 13:05:58.871 UTC 0453 INFO [gossip.comm] Stop -> Stopping
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01c [core]Channel Connectivity change to SHUTDOWN
2023-05-24 13:05:58.871 UTC 0454 DEBU [gossip.comm] serviceConnection -> Closing reading from stream
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01d [core]Subchannel Connectivity change to SHUTDOWN
2023-05-24 13:05:58.871 UTC 0455 DEBU [gossip.comm] writeToStream -> Closing writing to stream
2023-05-24 13:05:58.871 UTC 0456 DEBU [gossip.comm] Stop -> Shut down connection store, connection count: 0
2023-05-24 13:05:58.871 UTC 0457 DEBU [gossip.comm] readFromStream -> Got error, aborting: rpc error: code = Canceled desc = context canceled
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01e [transport]transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2023-05-24 13:05:58.871 UTC 0458 DEBU [gossip.comm] func1 -> Exiting Accept() loop
2023-05-24 13:05:58.871 UTC 0459 INFO [gossip.comm] Stop -> Stopped
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x1056c06]
goroutine 1 [running]:
github.com/hyperledger/fabric/common/policies.SignatureSetToValidIdentities({0xc0000117b8, 0x1, 0x9d90e7?}, {0x0, 0x0})
/go/src/github.com/hyperledger/fabric/common/policies/policy.go:368 +0x126
github.com/hyperledger/fabric/common/cauthdsl.(*policy).EvaluateSignedData(0xc003e92f00, {0xc0000117b8?, 0x0?, 0x9?})
/go/src/github.com/hyperledger/fabric/common/cauthdsl/policy.go:91 +0xa5
github.com/hyperledger/fabric/core/common/privdata.(*MembershipProvider).AmMemberOf(0xc00026a770, {0xc0037c2f10?, 0xc00251dfa8?}, 0xc003e966c0)
/go/src/github.com/hyperledger/fabric/core/common/privdata/membershipinfo.go:60 +0x20e
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).elgEnabled(0xc000314cc0, {0xc0037c2f10, 0xc}, 0x14?, 0xa?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:132 +0x39
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).elgEnabledCollNames(0xc000287350?, {0xc0037c2f10, 0xc}, 0xc003d2e462?, 0xc003e9c0c0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:117 +0x258
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).HandleStateUpdates(0xc000314cc0, 0xc003d21c00)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:70 +0x2f3
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).invokeNamespaceListeners(0xc0003fbc00)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:470 +0x3e7
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).ValidateAndPrepare(0xc0003fbc00, 0xc003d24408, 0x0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:183 +0x38d
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).CommitLostBlock(0xc0003029a0?, 0xc003d24408)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:584 +0xc6
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).recommitLostBlocks(0x16cbb60?, 0x44, 0x44, {0xc003d29530?, 0x1, 0x1})
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:481 +0x2db
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).syncStateAndHistoryDBWithBlockstore(0xc0003029a0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:409 +0x3c5
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).recoverDBs(0xc0003029a0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:354 +0x5c
github.com/hyperledger/fabric/core/ledger/kvledger.newKVLedger(0xc0003028f0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:164 +0x5de
github.com/hyperledger/fabric/core/ledger/kvledger.(*Provider).open(0xc00026a8c0, {0xc0037c2f10, 0xc}, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger_provider.go:378 +0x4a6
github.com/hyperledger/fabric/core/ledger/kvledger.(*Provider).Open(0xc00026a8c0, {0xc0037c2f10, 0xc})
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger_provider.go:330 +0x127
github.com/hyperledger/fabric/core/ledger/ledgermgmt.(*LedgerMgr).OpenLedger(0xc000296e80, {0xc0037c2f10, 0xc})
/go/src/github.com/hyperledger/fabric/core/ledger/ledgermgmt/ledger_mgmt.go:211 +0x193
github.com/hyperledger/fabric/core/peer.(*Peer).Initialize(0xc0000001e0, 0xc0037e8120, 0x1973c7e?, {0x1b4dbc0?, 0xc0037bb8f0}, {0x1b5cec8, 0xc000287350}, {0x1b4bd60, 0xc0027435e0}, {0x1b50460, ...}, ...)
/go/src/github.com/hyperledger/fabric/core/peer/peer.go:512 +0x269
github.com/hyperledger/fabric/internal/peer/node.serve({0x1430ac0?, 0xc000215d18?, 0xc000215cf0?})
/go/src/github.com/hyperledger/fabric/internal/peer/node/start.go:770 +0x4e9a
github.com/hyperledger/fabric/internal/peer/node.glob..func6(0x23a3cc0?, {0x2437948?, 0x0?, 0x0?})
/go/src/github.com/hyperledger/fabric/internal/peer/node/start.go:129 +0x56
github.com/spf13/cobra.(*Command).execute(0x23a3cc0, {0x2437948, 0x0, 0x0})
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:762 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0x23a4640)
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:852 +0x2dc
github.com/spf13/cobra.(*Command).Execute(...)
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:800
main.main()
/go/src/github.com/hyperledger/fabric/cmd/peer/main.go:56 +0x392
from fabric-ca.
I have enabled FABRIC_CA_SERVER_CA_REENROLLIGNORECERTEXPIRY as true for CA-Server and my CA-Server is of version 1.5.5 but still while reenrolling I am getting the below error:
Error: Failed to reenroll 'peer0': POST failure of request: POST https://0.0.0.0:8054/reenroll
{"hosts":["peer0.org1.com","0.0.0.0"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBCDCBrwIBADAQMQ4wDAYDVQQDEwVwZWVyMDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABCwVvW+GXz0fkiz4fNsOyoYwRQ7iVwHo+bhqZ6Hq7VsOURWY4Yi9zUBi\nleXwdNqQVBD2g+fZVUV8goHwuRXGyAagPTA7BgkqhkiG9w0BCQ4xLjAsMCoGA1Ud\nEQQjMCGCGXBlZXIwLmN1c3RvbXNjbGllbnQwNS5jb22HBAAAAAAwCgYIKoZIzj0E\nAwIDSAAwRQIhAIHL5+uL76aDMdbrgBOEvJSb9g3BofFGofAx1gNB7edOAiA7hQh3\n/G1bv73lzKuYwR9WL72LJ7uHN0tPQptRYGua0Q==\n-----END CERTIFICATE REQUEST-----\n","profile":"tls","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":"tlsca-org1"}: Post https://0.0.0.0:8054/reenroll: x509: certificate has expired or is not yet valid
Please help!
from fabric-ca.
This problem is solved. It looked like the TLS CA Certs and CA Certs had all expired and needed renewal. Hence closing this ticket.
from fabric-ca.
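The thread ends with the finding that the TLS CA and CA certificates had expired, not only the peer's enrollment certificate. As an added example (not from the thread or the Fabric project), the script below walks a crypto tree such as the `organizations/peerOrganizations/...` directories above and reports every certificate that has expired or will expire within a window, using `openssl x509 -checkend`. The names `cert_status` and `scan_tree` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or the Fabric project).
# cert_status and scan_tree are hypothetical helper names.

# cert_status FILE [WINDOW_SECONDS]
# Prints one of: EXPIRED, EXPIRING (within the window), OK, UNREADABLE.
cert_status() (
  file=$1; window=${2:-0}
  if ! openssl x509 -in "$file" -noout 2>/dev/null; then
    echo UNREADABLE   # private key, CSR or damaged PEM: not a certificate
  elif ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
    echo EXPIRED
  elif ! openssl x509 -in "$file" -noout -checkend "$window" >/dev/null 2>&1; then
    echo EXPIRING
  else
    echo OK
  fi
)

# scan_tree ROOT [WINDOW_SECONDS]
# Checks every *.pem / *.crt under ROOT (msp/signcerts, tls/ca.crt, tlsca/...)
# and prints "STATUS notAfter path" for each certificate found.
# Returns 1 if any certificate is EXPIRED or EXPIRING, 0 otherwise.
# Assumes file names contain no newlines.
scan_tree() (
  root=$1; window=${2:-0}
  report=$(find "$root" -type f \( -name '*.pem' -o -name '*.crt' \) |
    while IFS= read -r file; do
      status=$(cert_status "$file" "$window")
      case $status in UNREADABLE) continue ;; esac
      end=$(openssl x509 -in "$file" -noout -enddate | cut -d= -f2)
      printf '%-9s %s  %s\n' "$status" "$end" "$file"
    done)
  [ -n "$report" ] && printf '%s\n' "$report"
  ! printf '%s\n' "$report" | grep -Eq '^(EXPIRED|EXPIRING) '
)

# Usage: sh check-certs.sh <crypto root> [window seconds]
if [ "$#" -gt 0 ]; then
  scan_tree "$@"
fi
```

Running it with a window of 2592000 (30 days) against both the CA server's and the peer's crypto directories lists the TLS CA, CA and identity certificates side by side, so an expired issuer is visible before a reenroll is attempted.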