docker openssl s_client connection not working - unable to get local issuer certificate

wixjitnu posted on 2023-10-16 in Docker

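I am trying to connect to a Fabric-CA server from my local PC. The CA server runs in a Docker environment, and I am trying to bring up my Hyperledger Fabric network with SSL certificates. I tested with the command:

    openssl s_client -connect 0.0.0.0:7054

These errors appeared, and they do not allow me to securely perform other functions on the network: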

    CONNECTED(00000003)
    Can't use SSL_get_servername
    depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
    verify error:num=21:unable to verify the first certificate
    verify return:1
    depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
    verify return:1
    ---
    Certificate chain
    0 s:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
    i:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
    a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
    v:NotBefore: Oct 13 18:11:00 2023 GMT; NotAfter: Oct 12 18:11:00 2024 GMT
    ---
    Server certificate
    subject=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
    issuer=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: ECDSA
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 973 bytes and written 357 bytes
    Verification error: unable to verify the first certificate
    ---
    New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
    Server public key is 256 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 21 (unable to verify the first certificate)
    ---
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_128_GCM_SHA256
    Session-ID: 311FA2527934B1CA07F078FDA7214ADC671780547E010B17B919DDC4D3862143
    Session-ID-ctx:
    Resumption PSK: D1F320B61597431E191596EEF0FBC7C9BEC4C38494FE7681E1755675A169F083
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    Start Time: 1697222773
    Timeout : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
    ---
    read R BLOCK

Can anyone help me?

cuxqih21 #1

Why use openssl? The simple way is to connect to the container and run the commands from inside it:

    docker exec -it ca.sample.org sh

Or put the Fabric binaries in your local environment (fabric-samples/bin on your path) and run commands directly against the CA, for example:

    # remember to set up the fabric ca client home env var
    export FABRIC_CA_CLIENT_HOME=$PWD
    # Enroll CA admin user
    fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
    # List identities
    fabric-ca-client identity list
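
The `verify error:num=20` and `num=21` lines in the question's output mean the client had no trust anchor for the certificate's issuer (`CN = ca-org1.modbus2chain.com`). As an added example that is not part of the original post or answer, the script below reproduces that state offline with a constructed CA and server certificate (all names and paths are made up) and shows verification succeeding once the issuing CA certificate is passed with `-CAfile`.

```bash
#!/usr/bin/env bash
# Added example with constructed names and throwaway keys (not from the post).
# It builds a CA plus a server certificate, then verifies the server
# certificate first without and then with the issuing CA as trust anchor.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_chain() {
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example
CN = ca.example.test
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key" &&
  openssl req -x509 -new -config "$WORK/ca.cnf" -key "$WORK/ca.key" \
    -sha256 -days 1 -out "$WORK/ca.pem" &&
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/srv.key" &&
  openssl req -new -config "$WORK/ca.cnf" -key "$WORK/srv.key" \
    -subj "/O=Example/CN=server.example.test" -out "$WORK/srv.csr" &&
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 -sha256 \
    -out "$WORK/srv.pem" 2>/dev/null
}

verify_without_ca() {
  # No trust anchor for the issuer: the situation shown in the question.
  openssl verify "$WORK/srv.pem" 2>&1
}

verify_with_ca() {
  # Same certificate, with the issuing CA certificate supplied explicitly.
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/srv.pem" 2>&1
}

make_chain || { echo "openssl failed to build the chain" >&2; exit 1; }
echo "--- without CA ---"; verify_without_ca || true
echo "--- with CA ---";    verify_with_ca
# s_client takes the same option (host and path are placeholders):
#   openssl s_client -connect <host>:7054 -CAfile <CA certificate PEM>
```
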
