When I try to join a orderer to a channel with osnadmin pointing to the orderer channel API, it is returning me the following error:
Status: 400 { "error": "cannot join: failed to determine cluster membership from join-block: failed to validate config metadata of ordering config: consenter node0.orderer.green:7050 has invalid certificate: verifying tls client cert with serial number : x509: certificate signed by unknown authority" }
I have used two root fabric-ca's for creating the certificates: one for tls certificates and one for the organization certificates.
The consenter the error is pointing to, is configured in the configtx.yaml as follows:
EtcdRaft:
Consenters:
- Host: node0.orderer.green
Port: 7050
ServerTLSCert: ordererOrganizations/orderer.green/orderers/node0.orderer.green/tls/signcerts/cert.pem
ClientTLSCert: ordererOrganizations/orderer.green/orderers/node0.orderer.green/tls/signcerts/cert.pem
These certificates are registered and enrolled from the tls ca. The osnadmin ca-file is the tls ca root certificate and the --client.cert and client.key are pointing to a certificate registered and enrolled on the samen tls ca.
I am using fabric-version 2.3.3, but also tried 2.4.7, same error. I have been trying to figure this out for days already. Any help or tips are appreciated!
I have tried every possible combination of certificates to configure in the configtx.yaml file. Listing the channels with osnadmin on the same orderer channel API works fine.