2

我想在 fabric-ca 中启用 tls,所以:

步骤:我修改了 fabric-ca-clien-config.yaml

tls:
  # TLS section for secure socket connection
  certfiles:
       - /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  client:
    certfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
    keyfile: /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key


fabric-ca-server start -b admin:adminpw

但是当我注册时:

export FABRIC_CA_CLIENT_HOME=/Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/clients/admin
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054

它出现

2018/09/28 13:36:33 [INFO] encoded CSR
Error: POST failure of request: POST https://localhost:7054/enroll
{"hosts":["jiangdeimac.cn.ibm.com"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBSzCB8wIBADBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxDjAMBgNV\nBAMTBWFkbWluMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6IAf/x032Df4byre\nGJ3dEI1ayE+8t8eyW5R/+ExvZJLk/OK7BrepO5HtHwYg3V2FkNwdB1iV2pq/yxTX\nthZIsqA0MDIGCSqGSIb3DQEJDjElMCMwIQYDVR0RBBowGIIWamlhbmdkZWltYWMu\nY24uaWJtLmNvbTAKBggqhkjOPQQDAgNHADBEAiBzNGIF1avzD9Tbkrh3Qh2E6gVN\nKlHsXiPOZTjpSVfO0wIgCkXYx0MTQseJfjdAgXZUE7dPQqEGRg2JxTOfI2PQi5c=\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":""}: Post https://localhost:7054/enroll: x509: certificate is valid for peer0.org1.example.com, peer0, not localhost

ca-server 日志是“

2018/09/28 13:36:33 http: TLS handshake error from [::1]:57762: remote error: tls: bad certificate

所以我想知道如何使用fabric-ca设置tls?

4

1 回答 1

1

您需要在启动时在服务器上配置 TLS,实际上您已经稍微切换了客户端和服务器配置。启动服务器时,可以使用以下命令指定启用 TLS 并指定 TLS 证书和密钥。执行此命令将启动服务器,侦听安全端口。

fabric-ca-server start -b admin:adminpw --tls.enabled --tls.certfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt --tls.keyfile /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

然后在客户端上,当您注册时,您需要为此 TLS 证书指定信任根,您可以使用该tls.certfiles标志来执行此操作。这看起来像:

fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --tls.certfiles /Users/jiangnan/Documents/GOPATH/src/github.com/hyperledger/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

这应该允许客户端和服务器建立 TLS 连接。

于 2018-11-26T20:35:49.410 回答