I'm having a problem registering a new user via my Fabric CA.
I'm using the Hyperledger Fabric Python SDK and I'm using the register function of the CAClient()
object. Here is the entire code:
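from hfc.fabric import Client
from hfc.fabric_ca.caservice import CAClient
from hfc.util.crypto.crypto import ecies

# Load the network profile and look up the identities defined in it
cli = Client(net_profile="network.json")
org1_admin = cli.get_user(org_name='org1.modbus2chain.com', name='Admin')
ca_admin_org1 = cli.get_user(org_name='org1.modbus2chain.com', name="admin")

# Certificate the client uses to verify the CA's TLS endpoint
ca_certs_path = "/crypto-material/peerOrganizations/org1.modbus2chain.com/ca/ca-cert.pem"
ca_client = CAClient(target="https://0.0.0.0:7054", ca_certs_path=ca_certs_path,
                     ca_name='ca-org1', cryptoPrimitives=ecies())

# Registration request for the new identity
req = {
    'enrollmentID': 'User1',
    'enrollmentSecret': 'User1pw',
    'affiliation': 'org1.department1',
    'role': 'user',
    'attrs': [
        {'name': 'hf.Registrar.Roles', 'value': 'user'},
        {'name': 'hf.Registrar.Attributes', 'value': 'hf.Registrar.Roles'}
    ]
}

# The request is signed with the Org1 Admin's enrollment, which acts as registrar
secret = ca_client.register(req, registrar=org1_admin._enrollment)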
Other useful information: I provide you with all the files I use:
network.json (config file for the network)
{
  "name": "Modbus2Chain",
  "description": "Modbus2Chain Project course for IoT security and Data security",
  "version": "0.1",
  "client": {
    "organization": "Org1",
    "credentialStore": {
      "path": "/tmp/hfc-kvs",
      "cryptoStore": {
        "path": "/tmp/hfc-cvs"
      },
      "wallet": "wallet-name"
    }
  },
  "organizations": {
    "orderer0.modbus2chain.com": {
      "mspid": "OrdererMSP",
      "orderers": [
        "orderer.modbus2chain.com"
      ],
      "certificateAuthorities": [
        "ca-orderer"
      ],
      "users": {
        "Admin": {
          "cert": "../crypto-material/ordererOrganizations/modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
          "private_key": "../crypto-material/ordererOrganizations/modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
        }
      }
    },
    "org1.modbus2chain.com": {
      "mspid": "Org1MSP",
      "peers": [
        "peer0.org1.modbus2chain.com"
      ],
      "certificateAuthorities": [
        "ca-org1"
      ],
      "users": {
        "Admin": {
          "cert": "../crypto-material/peerOrganizations/org1.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
          "private_key": "../crypto-material/peerOrganizations/org1.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
        }
      }
    },
    "org2.modbus2chain.com": {
      "mspid": "Org2MSP",
      "peers": [
        "peer0.org2.modbus2chain.com"
      ],
      "certificateAuthorities": [
        "ca-org2"
      ],
      "users": {
        "Admin": {
          "cert": "../crypto-material/peerOrganizations/org2.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
          "private_key": "../crypto-material/peerOrganizations/org2.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
        }
      }
    },
    "org3.modbus2chain.com": {
      "mspid": "Org3MSP",
      "peers": [
        "peer0.org3.modbus2chain.com"
      ],
      "certificateAuthorities": [
        "ca-org3"
      ],
      "users": {
        "Admin": {
          "cert": "../crypto-material/peerOrganizations/org3.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
          "private_key": "../crypto-material/peerOrganizations/org3.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
        }
      }
    }
  },
  "orderers": {
    "orderer0.modbus2chain.com": {
      "url": "localhost:7050",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "orderer.modbus2chain.com",
        "grpc-max-send-message-length": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/ordererOrganizations/modbus2chain.com/tlsca/tlsca.modbus2chain.com-cert.pem"
      }
    }
  },
  "peers": {
    "peer0.org1.modbus2chain.com": {
      "url": "localhost:7051",
      "eventUrl": "localhost:7051",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "peer0.org1.modbus2chain.com",
        "grpc.http2.keepalive_time": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/msp/tlscacerts/tlsca.org1.modbus2chain.com-cert.pem"
      }
    },
    "peer0.org2.modbus2chain.com": {
      "url": "localhost:8051",
      "eventUrl": "localhost:8051",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "peer0.org2.modbus2chain.com",
        "grpc.http2.keepalive_time": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org2.modbus2chain.com/peers/peer0.org2.modbus2chain.com/msp/tlscacerts/tlsca.org2.modbus2chain.com-cert.pem"
      }
    },
    "peer0.org3.modbus2chain.com": {
      "url": "localhost:8052",
      "eventUrl": "localhost:8052",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "peer0.org3.modbus2chain.com",
        "grpc.http2.keepalive_time": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org3.modbus2chain.com/peers/peer0.org3.modbus2chain.com/msp/tlscacerts/tlsca.org3.modbus2chain.com-cert.pem"
      }
    }
  },
  "certificateAuthorities": {
    "ca-org1": {
      "url": "https://localhost:9050",
      "grpcOptions": {
        "verify": false
      },
      "tlsCACerts": {
        "path": "/home/alexcav/go/src/GitHub/Modbus2Chain/crypto-material/peerOrganizations/org1.modbus2chain.com/ca/ca.org1.modbus2chain.com-cert.pem"
      },
      "registrar": [
        {
          "enrollId": "admin",
          "enrollSecret": "adminpw"
        }
      ]
    },
    "ca-org2": {
      "url": "https://localhost:8051",
      "grpcOptions": {
        "verify": true
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org2.modbus2chain.com/ca/org2.modbus2chain.com-cert.pem"
      },
      "registrar": [
        {
          "enrollId": "admin",
          "enrollSecret": "adminpw"
        }
      ]
    },
    "ca-org3": {
      "url": "https://localhost:8052",
      "grpcOptions": {
        "verify": true
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org3.modbus2chain.com/ca/org3.modbus2chain.com-cert.pem"
      },
      "registrar": [
        {
          "enrollId": "admin",
          "enrollSecret": "adminpw"
        }
      ]
    }
  }
}
Here are the configurations of the Docker containers, for the CA and for the organizations (I provide one to give you an idea):
ca-org1:
version: "3.8"
volumes:
  ca-org1.modbus2chain.com:
networks:
  apnet:
services:
  ca-org1:
    container_name: ca-org1.modbus2chain.com
    image: hyperledger/fabric-ca
    volumes:
      - ../crypto-material/caOrganizations/ca-org1.modbus2chain.com/ca/:/etc/hyperledger/fabric-ca-server
      - ca-org1.modbus2chain.com:/var/hyperledger/fabric-ca-server-config
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/tlsca:/etc/hyperledger/fabric-ca-server/tlsca
    environment:
      - FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CA_NAME=ca-org1.modbus2chain.com
      - FABRIC_CA_SERVER_CSR_CN=rca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server/tlsca/tlsca.org1.modbus2chain.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server/tlsca/priv_sk
    working_dir: /etc/hyperledger/fabric-ca-server
    command: /bin/bash -c 'fabric-ca-server start -d -b admin:adminpw --port 9050'
    ports:
      - 9050:9050
    networks:
      - apnet
org1:
version: "3.8"
volumes:
  peer0.org1.modbus2chain.com:
networks:
  apnet:
services:
  peer0.org1.modbus2chain.com:
    networks:
      - apnet
    container_name: peer0.org1.modbus2chain.com
    image: hyperledger/fabric-peer:2.1
    volumes:
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/tls:/etc/hyperledger/fabric/tls
      - peer0.org1.modbus2chain.com:/var/hyperledger/production
    environment:
      # Generic peer variables
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Specific peer variables
      - CORE_PEER_ID=peer0.org1.modbus2chain.com
      - CORE_PEER_ADDRESS=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 7051:7051
Searching online I read that the error is due to the fact that the admin (registrar) is as if he were not present.
Am I missing something? Could you tell me how to solve it?
Thanks in advance for the help.
EDIT
Logs of the Docker container where the CA is located:
Enroll operation:
2023/10/13 19:45:33 [INFO] 192.168.192.1:36490 POST /enroll 404 19 "CA 'ca-org1' does not exist"
Registration operation:
2023/10/13 20:15:25 [INFO] 192.168.224.1:33600 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:17:22 [DEBUG] Received request for /register
2023/10/13 20:17:22 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:17:22 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:17:22 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:17:22 [INFO] 192.168.224.1:41390 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
All the logs for more details:
2023/10/13 20:10:13 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] parent server URL: ''
2023/10/13 20:10:13 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/ca/fabric-ca-server-config.yaml
2023/10/13 20:10:13 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Set log level:
2023/10/13 20:10:13 [INFO] Server Version: v1.5.6
2023/10/13 20:10:13 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2023/10/13 20:10:13 [DEBUG] Making server filenames absolute
2023/10/13 20:10:13 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server/ca and config {Version:v1.5.6 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1.modbus2chain.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem ReenrollIgnoreCertExpiry:false} Signing:0xc0004568c0 CSR:{CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:0xc0002c4060 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc0002c4270 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{Curve:amcl.Fp256bn IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2023/10/13 20:10:13 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Checking configuration file version 'v1.5.6' against server version: 'v1.5.6'
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0002c42d0 PluginOpts:<nil> Pkcs11Opts:<nil>}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc000457e40 DummyKeystore:<nil> InmemKeystore:<nil>}
2023/10/13 20:10:13 [DEBUG] Initialize key material
2023/10/13 20:10:13 [DEBUG] Making CA filenames absolute
2023/10/13 20:10:13 [WARNING] &{69 The specified CA certificate file /etc/hyperledger/fabric-ca-server/ca/ca-cert.pem does not exist}
2023/10/13 20:10:13 [DEBUG] Root CA certificate request: {CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000012918 CA:0xc0002c4060 SerialNumber:}
2023/10/13 20:10:13 [INFO] generating key: &{A:ecdsa S:256}
2023/10/13 20:10:13 [DEBUG] generate key from request: algo=ecdsa, size=256
2023/10/13 20:10:13 [INFO] encoded CSR
2023/10/13 20:10:13 [DEBUG] validating configuration
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [INFO] signed certificate with serial number 457368510771668864787940486973138537049759113486
2023/10/13 20:10:13 [INFO] The CA key and certificate were generated for CA ca-org1.modbus2chain.com
2023/10/13 20:10:13 [INFO] The key was stored by BCCSP provider 'SW'
2023/10/13 20:10:13 [INFO] The certificate is at: /etc/hyperledger/fabric-ca-server/ca/ca-cert.pem
2023/10/13 20:10:13 [DEBUG] Initializing DB
2023/10/13 20:10:13 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db'
2023/10/13 20:10:13 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) directory
2023/10/13 20:10:13 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) if it does not exist...
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating affiliations table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating certificates table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating credentials table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating revocation_authority_info table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating nonces table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating properties table if it does not exist
2023/10/13 20:10:13 [DEBUG] Successfully opened sqlite3 DB
2023/10/13 20:10:13 [DEBUG] Initializing identity registry
2023/10/13 20:10:13 [DEBUG] Initialized DB identity registry
2023/10/13 20:10:13 [DEBUG] Checking database levels '&{Identity:0 Affiliation:0 Certificate:0 Credential:0 RAInfo:0 Nonce:0}' against server levels '&{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}'
2023/10/13 20:10:13 [DEBUG] Migrating users table...
2023/10/13 20:10:13 [DEBUG] Upgrade identity table to level 1
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Upgrade identity table to level 2
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Migrating affiliation table...
2023/10/13 20:10:13 [DEBUG] Upgrade affiliations table to level 1
2023/10/13 20:10:13 [DEBUG] Creating affiliations table if it does not exist
2023/10/13 20:10:13 [DEBUG] Upgrade certificates table...
2023/10/13 20:10:13 [DEBUG] Upgrade certificates table to level 1
2023/10/13 20:10:13 [DEBUG] Creating certificates table if it does not exist
2023/10/13 20:10:13 [DEBUG] Migrating credentials table...
2023/10/13 20:10:13 [DEBUG] Migrating nonces table...
2023/10/13 20:10:13 [DEBUG] Migrating revocation_authority_info table...
2023/10/13 20:10:13 [DEBUG] Loading identity table
2023/10/13 20:10:13 [DEBUG] Loading identity 'admin'
2023/10/13 20:10:13 [DEBUG] DB: Getting identity admin
2023/10/13 20:10:13 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
2023/10/13 20:10:13 [DEBUG] DB: Add identity admin
2023/10/13 20:10:13 [DEBUG] Successfully added identity admin to the database
2023/10/13 20:10:13 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }
2023/10/13 20:10:13 [DEBUG] Successfully loaded identity table
2023/10/13 20:10:13 [DEBUG] Loading affiliations table
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org2
2023/10/13 20:10:13 [DEBUG] Affiliation 'org2' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org2.department1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org2.department1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1.department1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1.department1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1.department2
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1.department2' added
2023/10/13 20:10:13 [DEBUG] Successfully loaded affiliations table
2023/10/13 20:10:13 [INFO] Initialized sqlite3 database at /etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db
2023/10/13 20:10:13 [DEBUG] Initializing enrollment signer
2023/10/13 20:10:13 [DEBUG] validating configuration
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] CA initialization successful
2023/10/13 20:10:13 [DEBUG] Initializing Idemix issuer...
2023/10/13 20:10:13 [DEBUG] Using curve amcl.Fp256bn for Idemix
2023/10/13 20:10:13 [INFO] The issuer key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey, secret key is at: /etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey
2023/10/13 20:10:13 [DEBUG] Intializing revocation authority for issuer 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [DEBUG] Initialize Idemix issuer revocation key material
2023/10/13 20:10:13 [INFO] Idemix issuer revocation public and secret keys were generated for CA 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [INFO] The revocation key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey, private key is at: /etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey
2023/10/13 20:10:13 [DEBUG] Intializing nonce manager for issuer 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] 1 CA instance(s) running on server
2023/10/13 20:10:13 [INFO] Operation Server Listening on 127.0.0.1:9443
2023/10/13 20:10:13 [DEBUG] TLS is enabled
2023/10/13 20:10:13 [DEBUG] TLS enabled but either certificate or key file does not exist, automatically generating TLS credentials
2023/10/13 20:10:13 [DEBUG] TLS CSR: {CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:<nil> SerialNumber:}
2023/10/13 20:10:13 [DEBUG] GenCSR &{CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:<nil> SerialNumber:}
2023/10/13 20:10:13 [DEBUG] Initializing client with config: &{URL: MSPDir: TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type: } CSR:{CN: Names:[] Hosts:[] KeyRequest:<nil> CA:<nil> SerialNumber:} ID:{Name: Type: Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc0002c4270 Debug:false LogLevel: Idemix:{Curve:}}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0002c42d0 PluginOpts:<nil> Pkcs11Opts:<nil>}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc000457e40 DummyKeystore:<nil> InmemKeystore:<nil>}
2023/10/13 20:10:13 [DEBUG] CurveID for Idemix not specified, defaulting to amcl.Fp256bn
2023/10/13 20:10:13 [INFO] generating key: &{A:ecdsa S:256}
2023/10/13 20:10:13 [DEBUG] generate key from request: algo=ecdsa, size=256
2023/10/13 20:10:13 [INFO] encoded CSR
2023/10/13 20:10:13 [INFO] signed certificate with serial number 251487906000426891359440052191912770898175783265
2023/10/13 20:10:13 [DEBUG] DB: Insert Certificate
2023/10/13 20:10:13 [DEBUG] Saved serial number as hex 2c0d1b94025274c0c6b69bbb22efc44da730f161
2023/10/13 20:10:13 [DEBUG] saved certificate with serial number 251487906000426891359440052191912770898175783265
2023/10/13 20:10:13 [DEBUG] Generated TLS Certificate: /etc/hyperledger/fabric-ca-server/ca/tls-cert.pem
2023/10/13 20:10:13 [DEBUG] Client authentication type requested: noclientcert
2023/10/13 20:10:13 [INFO] Listening on https://0.0.0.0:7054
2023/10/13 20:11:47 [DEBUG] Received request for /register
2023/10/13 20:11:47 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:11:47 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:11:47 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:11:47 [INFO] 192.168.224.1:34098 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:15:25 [DEBUG] Received request for /register
2023/10/13 20:15:25 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:15:25 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:15:25 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:15:25 [INFO] 192.168.224.1:33600 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:17:22 [DEBUG] Received request for /register
2023/10/13 20:17:22 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:17:22 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:17:22 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:17:22 [INFO] 192.168.224.1:41390 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
Check the logs of https://0.0.0.0:7054 (or whichever CA you are running against). They will give you a more specific error.
I had the same issue recently and the problem was a limitation on the number of enrollments. I fixed it by setting the "maxenrollments" attr of the user. Via command line it looks like this:
Likely you can directly set maxenrollments from the SDK. Also, make sure your admin user has proper permissions to register users ID. I would guess yes, but it wouldn't hurt to check.
Anyway, I strongly advise checking the CA logs; they will tell you more.
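
The advice to read the CA logs can be scripted. The following is an added example, not part of the original question or answer: it scans fabric-ca-server output for failed requests and relates them to what the server reported at startup. The sample lines are copied from the log in the question; the function name `triage` and the finding labels are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the CA container log shown in the question.
SAMPLE_LOG = """\
2023/10/13 19:45:33 [INFO] 192.168.192.1:36490 POST /enroll 404 19 "CA 'ca-org1' does not exist"
2023/10/13 20:10:13 [WARNING] &{69 The specified CA certificate file /etc/hyperledger/fabric-ca-server/ca/ca-cert.pem does not exist}
2023/10/13 20:10:13 [INFO] The CA key and certificate were generated for CA ca-org1.modbus2chain.com
2023/10/13 20:10:13 [INFO] Listening on https://0.0.0.0:7054
2023/10/13 20:15:25 [INFO] 192.168.224.1:33600 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:17:22 [INFO] 192.168.224.1:41390 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
"""

# Access-log line: peer, method, path, HTTP status, CA error code, message
ACCESS = re.compile(r'\[INFO\] (?P<peer>\S+) (?P<method>[A-Z]+) (?P<path>/\S*) '
                    r'(?P<status>\d{3}) (?P<code>\d+) "(?P<msg>.*)"\s*$')
GENERATED = re.compile(r"The CA key and certificate were generated for CA (\S+)")
LISTEN = re.compile(r"\[INFO\] Listening on (\S+)")  # skips the operations listener
MISSING_CA = re.compile(r"CA '([^']+)' does not exist")
UNKNOWN_AUTH = "certificate signed by unknown authority"


def triage(log_text):
    """Group failed CA requests and attach a hint derived from startup lines."""
    generated, listen, failed = [], None, []
    for line in log_text.splitlines():
        if (m := GENERATED.search(line)):
            generated.append(m.group(1))  # CA created a new key pair on this start
        elif (m := LISTEN.search(line)):
            listen = m.group(1)
        elif (m := ACCESS.search(line)) and int(m["status"]) >= 400:
            failed.append((m["path"], int(m["status"]), m["msg"]))

    findings = []
    for (path, status, msg), count in Counter(failed).items():
        if (m := MISSING_CA.search(msg)):
            hint = f"{path}: client named CA '{m.group(1)}'"
            if generated and m.group(1) not in generated:
                hint += f", server runs {generated}; ca_name must match the server's CA name"
            findings.append(("ca-name-mismatch", count, hint))
        elif UNKNOWN_AUTH in msg:
            hint = f"{path}: caller's certificate does not chain to this CA's certificate"
            if generated:
                hint += "; the CA generated a new key pair at startup, so certificates issued elsewhere cannot verify"
            findings.append(("untrusted-registrar-cert", count, hint))
        else:
            findings.append(("other", count, f"{path} {status}: {msg}"))
    return {"listen": listen, "generated_for": generated, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("CA listening on:", report["listen"])
    for kind, count, hint in report["findings"]:
        print(f"[{kind} x{count}] {hint}")
```

To run it against a live container, pass the text from `docker logs <ca-container>` to `triage()` instead of `SAMPLE_LOG`.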