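How to solve: using softHSM, why is my orderer still looking for the private key at the Orderer.General.TLS.Privatekey path?
I get an error when I try to use softHSM to store the private key.
Please tell me what is wrong.
- Hyperledger Fabric version: v2.3
- Orderer binary: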
git clone -b release-2.3 https://github.com/hyperledger/fabric.git
GO_TAGS=pkcs11 make orderer
- .yaml files:
fabric-ca-client-config.yaml, fabric-ca-server-config.yaml
bccsp:
    default: PKCS11
    pkcs11:
        Library: /usr/local/lib/softhsm/libsofthsm2.so
        Pin: "123"
        Label: fabric
        hash: SHA2
        security: 256
        Immutable: false
core.yaml, orderer.yaml
BCCSP:
    Default: "PKCS11"
    # Settings for the SW crypto provider (i.e. when DEFAULT: SW)
    SW:
        # TODO: The default Hash and Security level needs refactoring to be
        # fully configurable. Changing these defaults requires coordination
        # SHA2 is hardcoded in several places, not only BCCSP
        Hash: SHA2
        Security: 256
        # Location of Key Store
        FileKeyStore:
            # If "", defaults to 'mspConfigPath'/keystore
            KeyStore:
    # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
    PKCS11:
        # Location of the PKCS11 module library
        Library: /usr/local/lib/softhsm/libsofthsm2.so
        # Token Label
        Label: fabric
        # User PIN
        Pin: "123"
        Hash: SHA2
        Security: 256
More details:
- Commands:
export FABRIC_CFG_PATH=/root/fabric-softHSM
export FABRIC_CFG_CLIENT_HOME=/root/fabric-softHSM/ca2admin
fabric-ca-server start -b ca2admin:ca2pw --cfg.affiliations.allowremove --cfg.identities.allowremove \
--csr.hosts ca2.server --home $FABRIC_CFG_PATH/ca2server -n ca2
## ca admin
fabric-ca-client enroll -u http://ca2admin:ca2pw@ca2.server:7054 --home $FABRIC_CFG_PATH/ca2admin \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2
mv $FABRIC_CFG_CLIENT_HOME/msp/cacerts/*-7054.pem $FABRIC_CFG_CLIENT_HOME/msp/cacerts/ca.crt
## orderer
fabric-ca-client affiliation --home $FABRIC_CFG_CLIENT_HOME add ordorg2
### admin register & enroll
fabric-ca-client register -u http://ca.server:7054 --id.name admin.ordorg2 --id.secret admin.ordorg2pw --id.affiliation ordorg2 --id.type admin \
--id.attrs '"hf.Registrar.Roles=client,orderer,peer,user,admin","hf.Registrar.DelegateRoles=client,hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' \
--home $FABRIC_CFG_PATH/ca2admin
fabric-ca-client getcainfo -u http://ca.server:7054 -m ca.server --enrollment.profile tls \
--csr.hosts ca2.server,ord2.ordorg2 -M $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/msp
mkdir -p $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/.
fabric-ca-client enroll -u http://admin.ordorg2:admin.ordorg2pw@ca.server:7054 -m admin.ordorg2 --enrollment.profile tls \
--csr.hosts ca2.server,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/*.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/signcerts/cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem
### orderer register & enroll
fabric-ca-client register --id.name ord0.ordorg2 --id.secret=ord0.ordorg2pw --id.type orderer --id.affiliation ordorg2 --id.attrs 'hf.Registrar.Roles=orderer:ecert' \
--home $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
mkdir -p orgs/ordorgs/ordorg2/orderers/ord0.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/.
fabric-ca-client enroll -u http://ord0.ordorg2:ord0.ordorg2pw@ca.server:7054 -m ord0.ordorg2 --enrollment.profile tls \
--csr.hosts ca2.server,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2
mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/*-7054.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts/admin.ordorg2-cert.pem
### orderer start
export ORDERER_GENERAL_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_TLS_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_BOOTSTRAPMETHOD=none
export ORDERER_GENERAL_LOCALMSPID=ordorg2MSP
export ORDERER_GENERAL_LOCALMSPDIR=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp
export ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_CLUSTER_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CHANNELPARTICIPATION_ENABLED=true
export ORDERER_ADMIN_LISTENADDRESS=ord0.ordorg2:7078
export ORDERER_ADMIN_TLS_ENABLED=true
export ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED=true
export ORDERER_ADMIN_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_LISTENADDRESS=ord0.ordorg2
export ORDERER_OPERATIONS_LISTENADDRESS=ord0.ordorg2:8445
export ORDERER_FILELEDGER_LOCATION=/root/ordorgs/ordorg2/ord0.ordorg2
export ORDERER_ADMIN_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CONSENSUS_WALDIR=/var/hyperledger/production/orderer/etcdraft/wal/ord0.ordorg2
export ORDERER_CONSENSUS_SNAPDIR=/var/hyperledger/production/orderer/etcdraft/snapshot/ord0.ordorg2
orderer start
- Error:
2021-06-02 18:02:08.195 KST [msp] Validate -> DEBU 03e MSP ordorg2MSP validating identity
2021-06-02 18:02:08.195 KST [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2021-06-02 18:02:08.196 KST [orderer.common.server] initializeServerConfig -> FATA 040 Failed to load PrivateKey file '/root/fabric-softHSM' (read /root/fabric-softHSM: is a directory)