Using softHSM: why is my orderer still looking for the private key on the Orderer.General.TLS.PrivateKey path?


I got an error when I tried to use softHSM to store private keys.

Please tell me what the problem is.


  1. Hyperledger Fabric Version: v2.3
  2. Orderer Binary:
git clone -b release-2.3 https://github.com/hyperledger/fabric.git
GO_TAGS=pkcs11 make orderer
  3. .yaml files:

fabric-ca-client-config.yaml, fabric-ca-server-config.yaml

bccsp:
    default: PKCS11
    pkcs11:
        Library: /usr/local/lib/softhsm/libsofthsm2.so
        Pin: "123"
        Label: fabric
        hash: SHA2
        security: 256
        Immutable: false

core.yaml, orderer.yaml

    BCCSP:
        Default: "PKCS11"
        # Settings for the SW crypto provider (i.e. when DEFAULT: SW)
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination
            # SHA2 is hardcoded in several places, not only BCCSP
            Hash: SHA2
            Security: 256
            # Location of Key Store
            FileKeyStore:
                # If "", defaults to 'mspConfigPath'/keystore
                KeyStore:
        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        PKCS11:
            # Location of the PKCS11 module library
            Library: /usr/local/lib/softhsm/libsofthsm2.so
            # Token Label
            Label: fabric
            # User PIN
            Pin: "123"
            Hash: SHA2
            Security: 256

More details:

  4. commands:
export FABRIC_CFG_PATH=/root/fabric-softHSM
export FABRIC_CFG_CLIENT_HOME=/root/fabric-softHSM/ca2admin

fabric-ca-server start -b ca2admin:ca2pw --cfg.affiliations.allowremove --cfg.identities.allowremove \
--csr.hosts ca2.server --home $FABRIC_CFG_PATH/ca2server -n ca2

## ca admin
fabric-ca-client enroll -u http://ca2admin:[email protected]:7054 --home $FABRIC_CFG_PATH/ca2admin \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2

mv $FABRIC_CFG_CLIENT_HOME/msp/cacerts/*-7054.pem $FABRIC_CFG_CLIENT_HOME/msp/cacerts/ca.crt

## orderer
fabric-ca-client affiliation --home $FABRIC_CFG_CLIENT_HOME add ordorg2

### admin register & enroll
fabric-ca-client register -u http://ca.server:7054 --id.name admin.ordorg2 --id.secret admin.ordorg2pw --id.affiliation ordorg2 --id.type admin \
--id.attrs '"hf.Registrar.Roles=client,orderer,peer,user,admin","hf.Registrar.DelegateRoles=client,orderer,peer,user,admin",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' \
--home $FABRIC_CFG_PATH/ca2admin

fabric-ca-client getcainfo -u http://ca.server:7054 -m ca.server --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -M $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/msp

mkdir -p $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/.

fabric-ca-client enroll -u http://admin.ordorg2:[email protected]:7054 -m admin.ordorg2 --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2

mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/*.pem  $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/signcerts/cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem

### orderer register & enroll

fabric-ca-client register  --id.name ord0.ordorg2  --id.secret=ord0.ordorg2pw  --id.type orderer  --id.affiliation ordorg2  --id.attrs 'hf.Registrar.Roles=orderer:ecert'  \
--home $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
 
mkdir -p orgs/ordorgs/ordorg2/orderers/ord0.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/.

fabric-ca-client enroll -u http://ord0.ordorg2:[email protected]:7054 -m ord0.ordorg2  --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2

mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/*-7054.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts/admin.ordorg2-cert.pem 

### orderer start

export ORDERER_GENERAL_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_TLS_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_BOOTSTRAPMETHOD=none
export ORDERER_GENERAL_LOCALMSPID=ordorg2MSP
export ORDERER_GENERAL_LOCALMSPDIR=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp

export ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_CLUSTER_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CHANNELPARTICIPATION_ENABLED=true
export ORDERER_ADMIN_LISTENADDRESS=ord0.ordorg2:7078
export ORDERER_ADMIN_TLS_ENABLED=true
export ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED=true

export ORDERER_ADMIN_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_LISTENADDRESS=ord0.ordorg2
export ORDERER_OPERATIONS_LISTENADDRESS=ord0.ordorg2:8445
export ORDERER_FILELEDGER_LOCATION=/root/ordorgs/ordorg2/ord0.ordorg2
export ORDERER_ADMIN_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CONSENSUS_WALDIR=/var/hyperledger/production/orderer/etcdraft/wal/ord0.ordorg2
export ORDERER_CONSENSUS_SNAPDIR=/var/hyperledger/production/orderer/etcdraft/snapshot/ord0.ordorg2

orderer start

  5. ERROR:

2021-06-02 18:02:08.195 KST [msp] Validate -> DEBU 03e MSP ordorg2MSP validating identity
2021-06-02 18:02:08.195 KST [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2021-06-02 18:02:08.196 KST [orderer.common.server] initializeServerConfig -> FATA 040 Failed to load PrivateKey file '/root/fabric-softHSM' (read /root/fabric-softHSM: is a directory)
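The exports above set ORDERER_GENERAL_TLS_CERTIFICATE but never ORDERER_GENERAL_TLS_PRIVATEKEY, and the FATA line shows the key path resolving to FABRIC_CFG_PATH itself, which is what an empty PrivateKey value joined to the config directory produces; the orderer reads its TLS private key from a file regardless of the BCCSP setting, so a TLS identity whose key was generated inside the HSM has no keystore file for it to load. The preflight check below is an added example, not from the original poster or the Fabric project: it mirrors that path resolution and reports the problem before `orderer start`, assuming only POSIX sh and the PEM layout of a Fabric keystore file.

```shell
#!/bin/sh
# Preflight check for the orderer TLS private key path (added example).
# Mirrors how Fabric turns a relative General.TLS.PrivateKey into an absolute
# path by joining it to FABRIC_CFG_PATH; an empty value therefore resolves to
# the config directory itself, which is the "is a directory" failure above.

# resolve_cfg_path CFG_DIR PATH -> prints the path the orderer would open.
resolve_cfg_path() {
  cfg_dir=$1
  p=$2
  case "$p" in
    /*) printf '%s\n' "$p" ;;                 # absolute: used as given
    "") printf '%s\n' "$cfg_dir" ;;           # empty: collapses to cfg dir
    *)  printf '%s/%s\n' "$cfg_dir" "$p" ;;   # relative: joined to cfg dir
  esac
}

# check_tls_key CFG_DIR PATH -> 0 if PATH names a readable PEM private key
# file, 1 otherwise; the reason is printed so it can be read in a start script.
check_tls_key() {
  key=$(resolve_cfg_path "$1" "$2")
  if [ -d "$key" ]; then
    echo "FAIL: '$key' is a directory (TLS PrivateKey is empty or unset)"
    return 1
  fi
  if [ ! -f "$key" ]; then
    echo "FAIL: '$key' does not exist (no file key; HSM-generated keys leave no keystore file)"
    return 1
  fi
  if ! grep -q 'PRIVATE KEY-----' "$key"; then
    echo "FAIL: '$key' is not a PEM private key"
    return 1
  fi
  echo "OK: TLS private key file '$key'"
  return 0
}

# Run the check only when the orderer environment is present, so the file can
# also be sourced from another script without side effects.
if [ -n "${FABRIC_CFG_PATH:-}" ]; then
  check_tls_key "$FABRIC_CFG_PATH" "${ORDERER_GENERAL_TLS_PRIVATEKEY:-}" || exit 1
fi
```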