由于证书错误，无法为fabric-ca服务器设置mysql数据库

rjee0c15 于 2022-12-03 发布在 Mysql

关注(0)|答案(2)|浏览(149)

我正试图设置Hyperledger fabric-ca使用mysql数据库使用此链接：http://fabric-ca.readthedocs.io/en/latest/users-guide.html
按照链接中的内容，我尝试使用mysql作为DB设置fabric-ca-server，并在fabric-ca-server-config.yaml中指定以下配置

db:
  type: mysql
  datasource: root:rootpw@tcp(localhost:3306)/ca?parseTime=true&tls=custom
  tls:
      enabled: true
      certfiles:
        - server-cert.pem
      client:
        certfile: client-cert.pem
        keyfile: client-key.pem

我已经使用docker容器启动mysql数据库使用：

docker run --name=mysql --env="MYSQL_ROOT_PASSWORD=mypassword" -p 3306:3306 -p 33060:33060 mysql

在我的容器启动后，将生成以下日志：

[System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.17) starting as process 1
[Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
[Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
[System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.17'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
[System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060

当我启动fabric-ca-server时，会生成以下日志：

[INFO] Configuration file location: /home/trinayan/Documents/biltinetwork/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/biltinetwork/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA 
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/biltinetwork/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054

我想不出为什么会出现这种错误：

[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost

因为这是与ssl证书有关，所以任何人都可以帮助我。

mysql

来源：https://stackoverflow.com/questions/58097781/cant-setup-mysql-database-for-fabric-ca-server-due-to-certificate-error

2条答案

按热度按时间

93ze6v8z1#

从错误中，我假设您正在尝试通过TLS连接到MySQL。看起来MySQL自动生成了一个公共名称或SAN为MySQL_Server_8.0.17_Auto_Generated_Server_Certificate的服务器证书。很可能在您的配置中，您正在尝试连接到与MySQL_Server_8.0.17_Auto_Generated_Server_Certificate不匹配的localhost。
因此，您有几种选择：

遵循https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html并使用openssl生成证书，公用名或SAN设置为localhost
在运行CA和MySQL的主机服务器上创建一个将MySQL_Server_8.0.17_Auto_Generated_Server_CertificateMap到127.0.0.1的hosts条目，并在fabric-ca-server配置文件中将localhost替换为MySQL_Server_8.0.17_Auto_Generated_Server_Certificate。
我不使用TLS，看看是否可以正常工作

我会选第一个。

赞(0）回复(0）举报 2022-12-03

ax6ht2ek2#

既然it is not possible to set the Common Name of the certificates generated by mysql_ssl_rsa_setup
使用Docker-Compose时的一个解决方案是使用生成的名称之一作为数据库连接的主机，并使用链接为容器指定别名。
例如，使用：

名为“db”的mysql容器
mysql_ssl_rsa_setup -v --suffix='db'在mysql容器上运行
将生成的证书正确放置在客户端容器（fabric-ca、laravel等）中

然后，将以下内容添加到客户端容器：

links: 
  - db:MySQL_Server_db_Auto_Generated_Server_Certificate

当然，使用MySQL_Server_db_Auto_Generated_Server_Certificate作为客户机中数据库连接的主机。

赞(0）回复(0）举报 2022-12-03

我来回答

由于证书错误，无法为fabric-ca服务器设置mysql数据库

2条答案

相关问题

热门标签

最新问答