Registering failed with errors [{'code': 20, 'message': 'Authentication failure'}] - Hyperledger Fabric


I'm having a problem registering a new user via my Fabric CA.

I'm using the Hyperledger Fabric Python SDK and the register function of the CAClient() object. Here is the entire code:

```python
from hfc.fabric import Client
from hfc.fabric_ca.caservice import CAClient
from hfc.util.crypto.crypto import ecies

# Load the network profile and look up the users defined in it
cli = Client(net_profile="network.json")
org1_admin = cli.get_user(org_name='org1.modbus2chain.com', name='Admin')

ca_admin_org1 = cli.get_user(org_name='org1.modbus2chain.com', name="admin")

ca_certs_path = "/crypto-material/peerOrganizations/org1.modbus2chain.com/ca/ca-cert.pem"

# Client for the Fabric CA REST endpoint
ca_client = CAClient(target="https://0.0.0.0:7054", ca_certs_path=ca_certs_path,
                     ca_name='ca-org1', cryptoPrimitives=ecies())

# Registration request for the new identity
req = {
    'enrollmentID': 'User1',
    'enrollmentSecret': 'User1pw',
    'affiliation': 'org1.department1',
    'role': 'user',
    'attrs': [
        {'name': 'hf.Registrar.Roles', 'value': 'user'},
        {'name': 'hf.Registrar.Attributes', 'value': 'hf.Registrar.Roles'}
    ]
}

# The Admin user's enrollment signs the request as registrar
secret = ca_client.register(req, registrar=org1_admin._enrollment)
```

Other useful information: I provide you with all the files I use:

network.json (config file for the network)

{
"name": "Modbus2Chain",
"description": "Modbus2Chain Project course for IoT security and Data security",
"version": "0.1",
"client": {
    "organization": "Org1",
    "credentialStore": {
      "path": "/tmp/hfc-kvs",
      "cryptoStore": {
        "path": "/tmp/hfc-cvs"
      },
      "wallet": "wallet-name"
    }
},
"organizations": {
"orderer0.modbus2chain.com":{
    "mspid":"OrdererMSP",
    "orderers": [
        "orderer.modbus2chain.com"
      ],
      "certificateAuthorities": [
        "ca-orderer"
      ],
      "users": {
        "Admin": {
          "cert": "../crypto-material/ordererOrganizations/modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
          "private_key": "../crypto-material/ordererOrganizations/modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
        }
      }
    },
      "org1.modbus2chain.com": {
        "mspid": "Org1MSP",
        "peers": [
          "peer0.org1.modbus2chain.com"
        ],
        "certificateAuthorities": [
          "ca-org1"
        ],
        "users": {
          "Admin": {
            "cert": "../crypto-material/peerOrganizations/org1.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
            "private_key": "../crypto-material/peerOrganizations/org1.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
          }
        }
      },
      "org2.modbus2chain.com": {
        "mspid": "Org2MSP",
        "peers": [
          "peer0.org2.modbus2chain.com"
        ],
        "certificateAuthorities": [
          "ca-org2"
        ],
        "users": {
          "Admin": {
            "cert": "../crypto-material/peerOrganizations/org2.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
            "private_key": "../crypto-material/peerOrganizations/org2.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
          }
        }
      },
      "org3.modbus2chain.com": {
        "mspid": "Org3MSP",
        "peers": [
          "peer0.org3.modbus2chain.com"
        ],
        "certificateAuthorities": [
          "ca-org3"
        ],
        "users": {
          "Admin": {
            "cert": "../crypto-material/peerOrganizations/org3.modbus2chain.com/users/[email protected]/msp/signcerts/[email protected]",
            "private_key": "../crypto-material/peerOrganizations/org3.modbus2chain.com/users/[email protected]/msp/keystore/priv_sk"
          }
        }
      }
    },
"orderers": {
    "orderer0.modbus2chain.com": {
      "url": "localhost:7050",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "orderer.modbus2chain.com",
        "grpc-max-send-message-length": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/ordererOrganizations/modbus2chain.com/tlsca/tlsca.modbus2chain.com-cert.pem"
      }
    }
  },
  "peers": {
    "peer0.org1.modbus2chain.com": {
      "url": "localhost:7051",
      "eventUrl": "localhost:7051",
      "grpcOptions": {
        "grpc.ssl_target_name_override": "peer0.org1.modbus2chain.com",
        "grpc.http2.keepalive_time": 15
      },
      "tlsCACerts": {
        "path": "../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/msp/tlscacerts/tlsca.org1.modbus2chain.com-cert.pem"
      }
    },
    "peer0.org2.modbus2chain.com": {
        "url": "localhost:8051",
        "eventUrl": "localhost:8051",
        "grpcOptions": {
          "grpc.ssl_target_name_override": "peer0.org2.modbus2chain.com",
          "grpc.http2.keepalive_time": 15
        },
        "tlsCACerts": {
          "path": "../crypto-material/peerOrganizations/org2.modbus2chain.com/peers/peer0.org2.modbus2chain.com/msp/tlscacerts/tlsca.org2.modbus2chain.com-cert.pem"
        }
      },
      "peer0.org3.modbus2chain.com": {
        "url": "localhost:8052",
        "eventUrl": "localhost:8052",
        "grpcOptions": {
          "grpc.ssl_target_name_override": "peer0.org3.modbus2chain.com",
          "grpc.http2.keepalive_time": 15
        },
        "tlsCACerts": {
          "path": "../crypto-material/peerOrganizations/org3.modbus2chain.com/peers/peer0.org3.modbus2chain.com/msp/tlscacerts/tlsca.org3.modbus2chain.com-cert.pem"
        }
      }
    },
    "certificateAuthorities": {
      "ca-org1": {
        "url": "https://localhost:9050",
        "grpcOptions": {
          "verify": false
        },
        "tlsCACerts": {
          "path": "/home/alexcav/go/src/GitHub/Modbus2Chain/crypto-material/peerOrganizations/org1.modbus2chain.com/ca/ca.org1.modbus2chain.com-cert.pem"
        },
        "registrar": [
          {
            "enrollId": "admin",
            "enrollSecret": "adminpw"
          }
        ]
      },
      "ca-org2": {
        "url": "https://localhost:8051",
        "grpcOptions": {
          "verify": true
        },
        "tlsCACerts": {
          "path": "../crypto-material/peerOrganizations/org2.modbus2chain.com/ca/org2.modbus2chain.com-cert.pem"
        },
        "registrar": [
          {
            "enrollId": "admin",
            "enrollSecret": "adminpw"
          }
        ]
      },
      "ca-org3": {
        "url": "https://localhost:8052",
        "grpcOptions": {
          "verify": true
        },
        "tlsCACerts": {
          "path": "../crypto-material/peerOrganizations/org3.modbus2chain.com/ca/org3.modbus2chain.com-cert.pem"
        },
        "registrar": [
          {
            "enrollId": "admin",
            "enrollSecret": "adminpw"
          }
        ]
      }
    }}

Here are the configurations of the Docker containers, for the CA and for the organizations (I provide one to give you an idea):

ca-org1:

```yaml
version: "3.8"

volumes:
  ca-org1.modbus2chain.com:

networks:
  apnet:

services:
  ca-org1:
    container_name: ca-org1.modbus2chain.com
    image: hyperledger/fabric-ca
    volumes:
      - ../crypto-material/caOrganizations/ca-org1.modbus2chain.com/ca/:/etc/hyperledger/fabric-ca-server
      - ca-org1.modbus2chain.com:/var/hyperledger/fabric-ca-server-config
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/tlsca:/etc/hyperledger/fabric-ca-server/tlsca
    environment:
      - FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CA_NAME=ca-org1.modbus2chain.com
      - FABRIC_CA_SERVER_CSR_CN=rca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server/tlsca/tlsca.org1.modbus2chain.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server/tlsca/priv_sk
    working_dir: /etc/hyperledger/fabric-ca-server
    command: /bin/bash -c 'fabric-ca-server start -d -b admin:adminpw --port 9050'
    ports:
      - 9050:9050
    networks:
      - apnet
```

org1:

```yaml
version: "3.8"

volumes:
  peer0.org1.modbus2chain.com:

networks:
  apnet:

services:
  peer0.org1.modbus2chain.com:
    networks:
      - apnet
    container_name: peer0.org1.modbus2chain.com
    image: hyperledger/fabric-peer:2.1
    volumes:
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-material/peerOrganizations/org1.modbus2chain.com/peers/peer0.org1.modbus2chain.com/tls:/etc/hyperledger/fabric/tls
      - peer0.org1.modbus2chain.com:/var/hyperledger/production
    environment:
      # Generic peer variables
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Specific peer variables
      - CORE_PEER_ID=peer0.org1.modbus2chain.com
      - CORE_PEER_ADDRESS=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.modbus2chain.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 7051:7051
```

Searching online I read that the error is due to the fact that the admin (registrar) is as if he were not present.

Am I missing something? Could you tell me how to solve it?

Thanks in advance for the help.

EDIT

Logs of the Docker container where the CA is located.

Enroll operation:

```
2023/10/13 19:45:33 [INFO] 192.168.192.1:36490 POST /enroll 404 19 "CA 'ca-org1' does not exist"
```

Registration operation:

```
2023/10/13 20:15:25 [INFO] 192.168.224.1:33600 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:17:22 [DEBUG] Received request for /register
2023/10/13 20:17:22 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:17:22 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:17:22 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:17:22 [INFO] 192.168.224.1:41390 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
```

All the logs for more details:

2023/10/13 20:10:13 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] parent server URL: ''
2023/10/13 20:10:13 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/ca/fabric-ca-server-config.yaml
2023/10/13 20:10:13 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Set log level:
2023/10/13 20:10:13 [INFO] Server Version: v1.5.6
2023/10/13 20:10:13 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2023/10/13 20:10:13 [DEBUG] Making server filenames absolute
2023/10/13 20:10:13 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server/ca and config {Version:v1.5.6 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org1.modbus2chain.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem ReenrollIgnoreCertExpiry:false} Signing:0xc0004568c0 CSR:{CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:0xc0002c4060 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc0002c4270 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{Curve:amcl.Fp256bn IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2023/10/13 20:10:13 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] Checking configuration file version 'v1.5.6' against server version: 'v1.5.6'
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0002c42d0 PluginOpts:<nil> Pkcs11Opts:<nil>}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc000457e40 DummyKeystore:<nil> InmemKeystore:<nil>}
2023/10/13 20:10:13 [DEBUG] Initialize key material
2023/10/13 20:10:13 [DEBUG] Making CA filenames absolute
2023/10/13 20:10:13 [WARNING] &{69 The specified CA certificate file /etc/hyperledger/fabric-ca-server/ca/ca-cert.pem does not exist}
2023/10/13 20:10:13 [DEBUG] Root CA certificate request: {CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000012918 CA:0xc0002c4060 SerialNumber:}
2023/10/13 20:10:13 [INFO] generating key: &{A:ecdsa S:256}
2023/10/13 20:10:13 [DEBUG] generate key from request: algo=ecdsa, size=256
2023/10/13 20:10:13 [INFO] encoded CSR
2023/10/13 20:10:13 [DEBUG] validating configuration
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [INFO] signed certificate with serial number 457368510771668864787940486973138537049759113486
2023/10/13 20:10:13 [INFO] The CA key and certificate were generated for CA ca-org1.modbus2chain.com
2023/10/13 20:10:13 [INFO] The key was stored by BCCSP provider 'SW'
2023/10/13 20:10:13 [INFO] The certificate is at: /etc/hyperledger/fabric-ca-server/ca/ca-cert.pem
2023/10/13 20:10:13 [DEBUG] Initializing DB
2023/10/13 20:10:13 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db'
2023/10/13 20:10:13 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) directory
2023/10/13 20:10:13 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db) if it does not exist...
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating affiliations table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating certificates table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating credentials table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating revocation_authority_info table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating nonces table if it does not exist
2023/10/13 20:10:13 [DEBUG] Creating properties table if it does not exist
2023/10/13 20:10:13 [DEBUG] Successfully opened sqlite3 DB
2023/10/13 20:10:13 [DEBUG] Initializing identity registry
2023/10/13 20:10:13 [DEBUG] Initialized DB identity registry
2023/10/13 20:10:13 [DEBUG] Checking database levels '&{Identity:0 Affiliation:0 Certificate:0 Credential:0 RAInfo:0 Nonce:0}' against server levels '&{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}'
2023/10/13 20:10:13 [DEBUG] Migrating users table...
2023/10/13 20:10:13 [DEBUG] Upgrade identity table to level 1
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Upgrade identity table to level 2
2023/10/13 20:10:13 [DEBUG] Creating users table if it does not exist
2023/10/13 20:10:13 [DEBUG] Migrating affiliation table...
2023/10/13 20:10:13 [DEBUG] Upgrade affiliations table to level 1
2023/10/13 20:10:13 [DEBUG] Creating affiliations table if it does not exist
2023/10/13 20:10:13 [DEBUG] Upgrade certificates table...
2023/10/13 20:10:13 [DEBUG] Upgrade certificates table to level 1
2023/10/13 20:10:13 [DEBUG] Creating certificates table if it does not exist
2023/10/13 20:10:13 [DEBUG] Migrating credentials table...
2023/10/13 20:10:13 [DEBUG] Migrating nonces table...
2023/10/13 20:10:13 [DEBUG] Migrating revocation_authority_info table...
2023/10/13 20:10:13 [DEBUG] Loading identity table
2023/10/13 20:10:13 [DEBUG] Loading identity 'admin'
2023/10/13 20:10:13 [DEBUG] DB: Getting identity admin
2023/10/13 20:10:13 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
2023/10/13 20:10:13 [DEBUG] DB: Add identity admin
2023/10/13 20:10:13 [DEBUG] Successfully added identity admin to the database
2023/10/13 20:10:13 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }
2023/10/13 20:10:13 [DEBUG] Successfully loaded identity table
2023/10/13 20:10:13 [DEBUG] Loading affiliations table
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org2
2023/10/13 20:10:13 [DEBUG] Affiliation 'org2' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org2.department1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org2.department1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1.department1
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1.department1' added
2023/10/13 20:10:13 [DEBUG] DB: Add affiliation org1.department2
2023/10/13 20:10:13 [DEBUG] Affiliation 'org1.department2' added
2023/10/13 20:10:13 [DEBUG] Successfully loaded affiliations table
2023/10/13 20:10:13 [INFO] Initialized sqlite3 database at /etc/hyperledger/fabric-ca-server/ca/fabric-ca-server.db
2023/10/13 20:10:13 [DEBUG] Initializing enrollment signer
2023/10/13 20:10:13 [DEBUG] validating configuration
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] validate local profile
2023/10/13 20:10:13 [DEBUG] profile is valid
2023/10/13 20:10:13 [DEBUG] CA initialization successful
2023/10/13 20:10:13 [DEBUG] Initializing Idemix issuer...
2023/10/13 20:10:13 [DEBUG] Using curve amcl.Fp256bn for Idemix
2023/10/13 20:10:13 [INFO] The issuer key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/ca/IssuerPublicKey, secret key is at: /etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerSecretKey
2023/10/13 20:10:13 [DEBUG] Intializing revocation authority for issuer 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [DEBUG] Initialize Idemix issuer revocation key material
2023/10/13 20:10:13 [INFO] Idemix issuer revocation public and secret keys were generated for CA 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [INFO] The revocation key was successfully stored. The public key is at: /etc/hyperledger/fabric-ca-server/ca/IssuerRevocationPublicKey, private key is at: /etc/hyperledger/fabric-ca-server/ca/msp/keystore/IssuerRevocationPrivateKey
2023/10/13 20:10:13 [DEBUG] Intializing nonce manager for issuer 'ca-org1.modbus2chain.com'
2023/10/13 20:10:13 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server/ca
2023/10/13 20:10:13 [DEBUG] 1 CA instance(s) running on server
2023/10/13 20:10:13 [INFO] Operation Server Listening on 127.0.0.1:9443
2023/10/13 20:10:13 [DEBUG] TLS is enabled
2023/10/13 20:10:13 [DEBUG] TLS enabled but either certificate or key file does not exist, automatically generating TLS credentials
2023/10/13 20:10:13 [DEBUG] TLS CSR: {CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:<nil> SerialNumber:}
2023/10/13 20:10:13 [DEBUG] GenCSR &{CN:ca-org1.modbus2chain.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[0.0.0.0] KeyRequest:0xc000514020 CA:<nil> SerialNumber:}
2023/10/13 20:10:13 [DEBUG] Initializing client with config: &{URL: MSPDir: TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:  } CSR:{CN: Names:[] Hosts:[] KeyRequest:<nil> CA:<nil> SerialNumber:} ID:{Name: Type: Secret: MaxEnrollments:0 Affiliation: Attributes:[] CAName:} Revoke:{Name: Serial: AKI: Reason: CAName: GenCRL:false} CAInfo:{CAName:} CAName: CSP:0xc0002c4270 Debug:false LogLevel: Idemix:{Curve:}}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc0002c42d0 PluginOpts:<nil> Pkcs11Opts:<nil>}
2023/10/13 20:10:13 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc000457e40 DummyKeystore:<nil> InmemKeystore:<nil>}
2023/10/13 20:10:13 [DEBUG] CurveID for Idemix not specified, defaulting to amcl.Fp256bn
2023/10/13 20:10:13 [INFO] generating key: &{A:ecdsa S:256}
2023/10/13 20:10:13 [DEBUG] generate key from request: algo=ecdsa, size=256
2023/10/13 20:10:13 [INFO] encoded CSR
2023/10/13 20:10:13 [INFO] signed certificate with serial number 251487906000426891359440052191912770898175783265
2023/10/13 20:10:13 [DEBUG] DB: Insert Certificate
2023/10/13 20:10:13 [DEBUG] Saved serial number as hex 2c0d1b94025274c0c6b69bbb22efc44da730f161
2023/10/13 20:10:13 [DEBUG] saved certificate with serial number 251487906000426891359440052191912770898175783265
2023/10/13 20:10:13 [DEBUG] Generated TLS Certificate: /etc/hyperledger/fabric-ca-server/ca/tls-cert.pem
2023/10/13 20:10:13 [DEBUG] Client authentication type requested: noclientcert
2023/10/13 20:10:13 [INFO] Listening on https://0.0.0.0:7054
2023/10/13 20:11:47 [DEBUG] Received request for /register
2023/10/13 20:11:47 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:11:47 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:11:47 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:11:47 [INFO] 192.168.224.1:34098 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:15:25 [DEBUG] Received request for /register
2023/10/13 20:15:25 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:15:25 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:15:25 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:15:25 [INFO] 192.168.224.1:33600 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"
2023/10/13 20:17:22 [DEBUG] Received request for /register
2023/10/13 20:17:22 [DEBUG] Caller is using a x509 certificate
2023/10/13 20:17:22 [DEBUG] Failed to verify token based on new authentication header requirements: %!s(<nil>)
2023/10/13 20:17:22 [DEBUG] Certicate Dates: NotAfter = 2033-10-10 20:05:00 +0000 UTC NotBefore = 2023-10-13 20:05:00 +0000 UTC
2023/10/13 20:17:22 [INFO] 192.168.224.1:41390 POST /register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority"

There are 2 answers

1
Matias Salimbene On

Check the logs of https://0.0.0.0:7054 (or whichever CA you are running against). It will give you a more specific error.

I had the same issue recently and the problem was a limitation on the number of enrollments. I fixed it by setting the "maxenrollments" attr of the user. Via the command line it looks like this:

fabric-ca-client identity modify user --secret 'userw' --maxenrollments 100 -u http://localhost:7054

Likely you can directly set maxenrollments from the SDK. Also, make sure your admin user has proper permissions to register user IDs. I would guess yes, but it wouldn't hurt to check.

Anyway, I strongly advise checking the CA logs; they will tell you more.

1
Matias Salimbene On

Focus on the first error:

A couple of things, focus on the first error `2023/10/13 19:45:33 [INFO] 192.168.192.1:36490 POST /enroll 404 19 CA 'ca-org1' does not exist`

I'm unsure where you've referenced your CA with ca-org1, but you need to fix that since it's telling you it doesn't exist. Within the CA container, for example, you give it a different name: FABRIC_CA_SERVER_CA_NAME=ca-org1.modbus2chain.com.

In regards to the "untrusted certificate" error. Decode /etc/hyperledger/fabric/tls/server.crt (i.e. using https://www.sslshopper.com/certificate-decoder.html) and look for the issuer. This also indicates a problem with CA naming. The name of the issuer has to be valid. That will give you a hint about what the CA name should be.

But in general it looks as if you are referring to the CA by using different names in different places. Review all your config files and be sure to be consistent with naming.
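
The naming review suggested in the second answer can be scripted. The following is an added example, not code from the question or the answers: it compares the CA name and port that the compose file gives the server with the values used in the `CAClient(...)` call and in `network.json`. The excerpts are constructed from values in the question; it assumes the client runs on the Docker host and that a profile entry without a `caName` field (a hypothetical field here) is addressed by its key.

```python
import re
from urllib.parse import urlsplit

DEFAULT_CA_PORT = 7054  # fabric-ca-server listens here unless told otherwise

# Constructed excerpts; every value is copied from the question's files.
SDK_CALL = {"target": "https://0.0.0.0:7054", "ca_name": "ca-org1"}
PROFILE = {"certificateAuthorities": {"ca-org1": {"url": "https://localhost:9050"}}}
COMPOSE_SERVICE = {
    "environment": [
        "FABRIC_CA_SERVER_TLS_ENABLED=true",
        "FABRIC_CA_SERVER_CA_NAME=ca-org1.modbus2chain.com",
    ],
    "command": "/bin/bash -c 'fabric-ca-server start -d -b admin:adminpw --port 9050'",
    "ports": ["9050:9050"],
}


def server_view(service):
    """Return (ca_name, listen_port, host_port) for one compose CA service."""
    env = dict(item.split("=", 1) for item in service.get("environment", []))
    flag = re.search(r"--port[ =](\d+)", service.get("command", ""))
    # The command-line flag wins over the environment variable.
    listen = int(flag.group(1)) if flag else int(
        env.get("FABRIC_CA_SERVER_PORT", DEFAULT_CA_PORT))
    host_port = None
    for mapping in service.get("ports", []):
        parts = str(mapping).split("/")[0].split(":")
        # "host:container" or "ip:host:container"; a bare "container"
        # entry is published on a random host port, so it stays None.
        if int(parts[-1]) == listen and len(parts) > 1:
            host_port = int(parts[-2])
    return env.get("FABRIC_CA_SERVER_CA_NAME", ""), listen, host_port


def client_references(sdk_call, profile, profile_key):
    """Collect (where, ca_name, port) for each place the client names the CA."""
    entry = profile["certificateAuthorities"][profile_key]
    return [
        ("CAClient(...)", sdk_call["ca_name"], urlsplit(sdk_call["target"]).port),
        # Assumption: without an explicit caName, the profile key is the CA name.
        (f"network.json[{profile_key}]", entry.get("caName", profile_key),
         urlsplit(entry["url"]).port),
    ]


def find_mismatches(sdk_call, profile, profile_key, service):
    """List every client-side CA name or port that disagrees with the server."""
    ca_name, listen, host_port = server_view(service)
    findings = []
    if host_port is None:
        findings.append(f"server: port {listen} is not published on a fixed host port")
    for where, name, port in client_references(sdk_call, profile, profile_key):
        if name != ca_name:
            findings.append(f"{where}: CA name {name!r} != server {ca_name!r}")
        if host_port is not None and port != host_port:
            findings.append(f"{where}: port {port} != published port {host_port}")
    return findings


if __name__ == "__main__":
    for line in find_mismatches(SDK_CALL, PROFILE, "ca-org1", COMPOSE_SERVICE):
        print(line)
```

A CA name reported here is the same mismatch the server logs as `CA 'ca-org1' does not exist` on `/enroll`.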