3

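I used the test code in fabric-ca-sdk (fabric-sdk-java/fabric-sdk-java/src/test/fixture/sdkintegration) to start the CA server, then used the Fabric SDK to register an orderer and get the CA files from the response. Then I put the CA files into the first-network demo and used the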

docker-compose -f docker-compose-cli.yaml up -d

command to start it, but it failed. The log is:

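Failed to initialize local MSP: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.example.com")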

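I inspected the PEM files generated by the CA server with openssl, and there is nothing wrong with the files. If you know the cause of the problem, please help me. Thank you very much. The ca.example.com-cer.pem file information is as follows: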

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        03:b1:1d:83:1e:86:57:f6:8f:0c:e1:d1:e9:84:14:0d
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Feb 25 12:43:29 2018 GMT
        Not After : Feb 23 12:43:29 2028 GMT
    Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:8f:70:81:96:e6:4c:c7:f5:c0:38:2d:4f:aa:35:
                ea:1f:00:f5:a9:cd:93:69:44:93:ac:d2:89:34:e7:
                ca:b1:73:34:3c:c3:28:3e:43:71:79:9b:a4:ce:5b:
                e2:a6:57:6d:53:cf:9f:5d:52:c0:81:a7:73:a5:d8:
                be:8e:6f:a8:3f
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
        X509v3 Extended Key Usage: 
            2.5.29.37.0
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier: 
            19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92
Signature Algorithm: ecdsa-with-SHA256
    30:44:02:20:6a:f2:74:ab:b3:2c:fe:ff:20:2d:d9:fa:b9:3a:
    54:46:43:cd:a7:f7:78:ff:a3:de:e2:7c:c0:b3:e5:6f:76:e8:
    02:20:50:47:1d:ba:50:64:a3:a0:06:fc:70:a8:bc:95:2c:08:
    5a:91:c5:e6:d2:b0:99:43:2e:52:fb:dd:e2:51:5a:d6

And the orderer.example.com-cert.pem file is:

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        2c:35:e7:3e:37:73:08:80:18:66:47:df:34:63:dc:0b:f4:44:b0:c0
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com
    Validity
        Not Before: Jun 20 09:02:00 2018 GMT
        Not After : Jun 20 09:07:00 2019 GMT
    Subject: OU=orderer, CN=order.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
        EC Public Key:
            pub: 
                04:73:48:ae:95:c5:60:fd:c3:4c:94:61:98:97:18:
                62:24:2f:bb:7e:e7:ad:02:10:15:78:12:6e:24:f2:
                2f:33:8f:24:db:16:25:c7:9f:94:a4:e3:9c:10:0d:
                11:d2:80:e9:f7:ff:e8:69:48:1a:85:65:b9:22:7e:
                0a:b2:dc:26:d5
            ASN1 OID: prime256v1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Subject Key Identifier: 
            F0:26:72:32:C2:24:F0:DE:9E:C5:1C:11:7D:01:BD:96:16:62:C1:0E
        X509v3 Authority Key Identifier: 
            keyid:19:B5:15:37:90:85:4D:AE:85:0A:0F:94:15:70:FC:3C:56:9B:87:87:23:93:3A:D5:A9:C3:19:D2:93:F2:D4:92

        1.2.3.4.5.6.7.8.1: 
            {"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"order.example.com","hf.Type":"orderer"}}
Signature Algorithm: ecdsa-with-SHA256
    30:45:02:21:00:d9:87:88:6c:a0:2c:6d:80:c2:e3:6d:0f:b1:
    26:b4:5e:24:02:24:6b:42:6f:16:72:7d:f0:eb:a9:e0:28:a4:
    99:02:20:5f:4c:5b:57:28:96:55:ab:3f:55:07:1c:75:df:a7:
    49:5e:90:5d:05:7c:b2:f8:e0:79:69:9d:d4:aa:6a:60:a1
4

1 Answer

1

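This happens because of previous builds.
For unknown reasons, the Docker volumes are not removed by docker-compose -f docker-compose-cli.yaml down, and sometimes docker mounts the old volumes with the certificates.
So removing the volumes will help.
Execute: docker volume prune
Warning: this command will remove all docker volumes.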

Answered 2019-01-24T07:41:43.640