docker 提供的标识无效:x509:由未知机构签署的证书[Hyperledger Fabric]

5vf7fwbs  于 2023-06-22  发布在  Docker
关注(0)|答案(1)|浏览(146)

我在使用orderer 0示例连接docker compose容器时遇到问题。整个错误如下:

UTC 0005 PANI [orderer.common.server] Main -> Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.istum.com")

下面我向你展示我的docker-compose-orderer.yaml

version: "3"

volumes:
  orderer0.istum.com:

networks:
  apnet:

services:
  orderer0.istum.com:
    container_name: orderer0.istum.com
    image: hyperledger/fabric-orderer:2.1
    volumes:
      - ../system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../crypto-material/ordererOrganizations/istum.com/orderers/orderer0.istum.com/msp:/var/hyperledger/orderer/msp
      - ../crypto-material/ordererOrganizations/istum.com/orderers/orderer0.istum.com/tls/:/var/hyperledger/orderer/tls
      - orderer0.istum.com:/var/hyperledger/production/orderer
    environment:
      # Orderer Specific settings
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # Orderer TLS settings
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    ports:
      - 7050:7050
    networks:
      - apnet

在网上搜索一下,就会发现证书的位置不正确。是这样吗?如何检查是否放置正确?
非常感谢能帮助我的人...

a0zr77ik

a0zr77ik1#

我也有类似的问题。当我删除生成的通道工件,加密配置文件夹并重新启动网络时,错误消失了。我认为这可能是由过期的加密文件引起的。

相关问题