openssl s_client connect does not work - unable to get local issuer certificate


I'm trying to connect from my local PC to my Fabric-CA server. The CA server is in a Docker environment and I'm trying to launch my Hyperledger Fabric network with the use of SSL certificates. I tested using the command:

openssl s_client -connect 0.0.0.0:7054

and these errors come out, which don't allow me to perform other functions on the network safely:

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify return:1
---
Certificate chain
 0 s:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
   i:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Oct 13 18:11:00 2023 GMT; NotAfter: Oct 12 18:11:00 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
issuer=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 973 bytes and written 357 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 311FA2527934B1CA07F078FDA7214ADC671780547E010B17B919DDC4D3862143
    Session-ID-ctx:
    Resumption PSK: D1F320B61597431E191596EEF0FBC7C9BEC4C38494FE7681E1755675A169F083
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - ba b0 69 e8 c2 34 26 9a-f1 68 0a 71 80 2f 1b 93   ..i..4&..h.q./..
    0010 - 41 56 c8 32 e3 37 f2 63-b8 45 00 bf 1e 7f 71 71   AV.2.7.c.E....qq
    0020 - 2e 39 c2 12 ea 7a 6a 1f-d3 02 b0 20 99 ca 0d aa   .9...zj.... ....
    0030 - db ee 5c 1a 25 b7 f1 41-e7 d4 31 49 1a 2a 6b 15   ..\.%..A..1I.*k.
    0040 - 5f 9a 07 52 90 39 14 34-af 7f 8b 7e da d1 b2 b3   _..R.9.4...~....
    0050 - 95 4c d2 eb 89 be 14 ff-82 c4 22 53 85 7f 7f 8e   .L........"S....
    0060 - fc d3 2d 44 be 67 53 89-14 92 26 65 8b 19 b9 f6   ..-D.gS...&e....
    0070 - 66                                                f

    Start Time: 1697222773
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Can anyone give me some advice?

1 answer

Matias Salimbene

Why are you trying to use openssl? The usual way is to either connect to the container and execute commands from within:

docker exec -it ca.sample.org sh 

or to have the Fabric binaries in your local environment (fabric-samples/bin in your PATH) and run the commands directly against the CA, for example:

# remember to set up the Fabric CA client home env var
export FABRIC_CA_CLIENT_HOME=$PWD
# Enroll the CA admin user
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054

# List identities
fabric-ca-client identity list