我正在尝试遵循超级账本结构教程[1],并让Node.js SDK在我的网络中运行。我已经在我的 ca 服务器上成功注册了管理员,但是,在尝试下一步(注册新用户)时,我收到有关使用自签名证书的错误。
我什至不明白错误指的是哪个证书。 CA 服务器使用的证书显然是自签名的,因为它们是根证书。管理员身份的证书来自 CA 服务器本身,在上一个注册步骤中获取。
我的 ca-server 容器上的日志不包含任何错误,触发请求甚至不会在那里产生任何日志条目。
来自fabric-samples/fabcar和fabric-samples/basic-network的(未更改的)示例代码显然工作正常。据我所知,SDK代码在功能上与示例相同,因此我怀疑错误隐藏在配置中的某个位置。
这是我registerUser.js文件:
/*
* SPDX-License-Identifier: Apache-2.0
*/
'use strict';
const FabricCAServices = require('fabric-ca-client');
const { FileSystemWallet, X509WalletMixin } = require('fabric-network');
const fs = require('fs');
const path = require('path');
const ccpPath = path.resolve(__dirname, '..', '..', 'fabric-network', 'connection.json');
const ccpJSON = fs.readFileSync(ccpPath, 'utf8');
const ccp = JSON.parse(ccpJSON);
async function main() {
try {
// Create a new CA client for interacting with the CA.
const caURL = ccp.certificateAuthorities['ca.org1.org'].url;
const ca = new FabricCAServices(caURL);
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'org1', 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the admin user.
const adminExists = await wallet.exists('admin');
if (adminExists) {
console.log('An identity for the admin user "admin" already exists in the wallet');
return;
}
// Enroll the admin user, and import the new identity into the wallet.
const enrollment = await ca.enroll({ enrollmentID: 'admin', enrollmentSecret: 'adminpw' });
const identity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
wallet.import('admin', identity);
console.log('Successfully enrolled admin user "admin" and imported it into the wallet');
} catch (error) {
console.error(`Failed to enroll admin user "admin": ${error}`);
process.exit(1);
}
}
main();
。和我的connection.json文件:
{
"name": "OrganisationOne",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.org",
"peer1.org1.org"
],
"certificateAuthorities": [
"ca.org1.org"
]
}
},
"peers": {
"peer0.org1.org": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.org"
}
},
"peer1.org1.org": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.org/tlsca/tlsca.org1.org-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.org"
}
}
},
"certificateAuthorities": {
"ca.org1.org": {
"url": "https://localhost:7054",
"caName": "ca.org1.org"
}
}
}
我希望用户已成功注册,但收到以下错误:
Failed to register user "user1": Error: Calling register endpoint failed with error [Error: self signed certificate]
我该怎么做才能修复此错误,甚至获取有关它的更多有用信息?
在certificateAuthorities属性中指定此 connection.json 文件
"httpOptions": {
"verify": false
}
它对我有用
最近自己打了,我应该更清楚;
此错误是因为注册用户的 CLI 不喜欢从 CA 接收自签名证书。在许多环境中,这是默认值,因此听到默认值在 1.4.10 中更改为 false 会很有帮助。