Peer not authenticated observed while securing API, using WSO2 EI OAuth 2.0 in localhost - oauth-2.0

I tried to secure my API using OAuth 2.0 (http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html) in WSO2 EI with the custom SimpleOauthHandler, and I'm observing this exception:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
I tried to import certificates using keytool, but I'm not sure which certificates are expired, if certificate expiry is the cause of this exception.
Line 63 (return stub.validate(dto).getValid();) in the SimpleOAuthHandler class (http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html) is causing this exception.
Exception:
[2020-01-10 13:10:54,931] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https://localhost:9445/services/OAuth2TokenValidationService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub.validate(OAuth2TokenValidationServiceStub.java:738)
at org.wso2.handler.SimpleOauthHandler.handleRequest(SimpleOauthHandler.java:93)
at org.apache.synapse.rest.API.process(API.java:325)
at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:135)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:113)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[2020-01-10 13:10:54,933] [EI-Core] ERROR - SimpleOauthHandler Error occurred while processing the message
org.apache.axis2.AxisFault: peer not authenticated
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

Download the server certificate
(how to do this is described here:
https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file)
In your case, from localhost:9445.
Add the downloaded server SSL certificate to client-truststore.jks in WSO2.
keytool -import -alias localhost -file {PathToDownloadedCertFile} -keystore {WSO2HomeDir}\repository\resources\security\client-truststore.jks
Restart WSO2

Related

Keycloak as an Identity Broker & an Identity Provider

I am trying to connect 2 Keycloak instances. One as an Identity Provider and one as an external broker by following this article.
I am running 2 docker instances for keycloak with the following setup:
Keycloak-External (127.0.0.1:9090)
Keycloak Internal (127.0.0.1:8080)
Created 2 realms:
realm:“keycloak-external-broker” in Keycloak External (127.0.0.1:9090)
realm “keycloak-internal-identity” in Keycloak Internal (127.0.0.1:8080)
Registered Identity Provider on external broker with following setup
Configured Broker as Client on internal identity provider
Created a demo user from the user's section in Keycloak Internal (127.0.0.1:8080)
Accessed the external login URL and clicked on sign in
http://127.0.0.1:9090/realms/keycloak-external-broker/account/
Following page shows up:
Clicking Employee login redirects me to internal identity provider as
But when I try to log in with the user created in the internal Keycloak, it gives me the following error.
I'm putting out the logs as well. I tried troubleshooting with various options as suggested in various blogs but am still facing the issue. I appreciate any leads. Is there anything that I'm missing?
2023-02-15 09:11:40,900 WARN [org.keycloak.events] (executor-thread-179) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=bf5ad1d9-c4c9-4f20-8272-e415c04ec67c, clientId=account-console, userId=null, ipAddress=172.17.0.1, error=identity_provider_login_failure, code_id=970a50e2-50af-4f38-80e1-8d4dd900c825, authSessionParentId=970a50e2-50af-4f38-80e1-8d4dd900c825, authSessionTabId=SPngHd5ApfM
2023-02-15 10:05:28,991 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-190) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server. error='Realm does not exist', error_description='null', error_uri='null'
at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:574)
at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:384)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:502)
at jdk.internal.reflect.GeneratedMethodAccessor669.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
2023-02-15 10:05:29,004 WARN [org.keycloak.events] (executor-thread-190) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=bf5ad1d9-c4c9-4f20-8272-e415c04ec67c, clientId=account-console, userId=null, ipAddress=172.17.0.1, error=identity_provider_login_failure, code_id=9ab52933-adf7-4987-97af-320797a534cb, authSessionParentId=9ab52933-adf7-4987-97af-320797a534cb, authSessionTabId=o8n1TLDNldc

Connecting to Node jenkins (ssh error: Server rejected the 1 private)

Configured Node:
Launch method: Launch agents via SSH
Host: host
Credentials: added a new one by specifying username and Private key
Host Key Verification Strategy: Not verifying (The error does not differ when choosing a different value)
When I try to connect, I get an error:
[08/24/22 14:39:14] [SSH] Opening SSH connection to host:22.
[08/24/22 14:39:14] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
ERROR: Server rejected the 1 private key(s) for cred_name (credentialId:cred_name/method:publickey)
ERROR: Failed to authenticate as cred_name with credential=cred_name
java.io.IOException: Publickey authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:349)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:472)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:110)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:431)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:468)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:881)
at hudson.plugins.sshslaves.SSHLauncher.lambda$launch$0(SSHLauncher.java:434)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.io.IOException: Could not generate signature
at com.trilead.ssh2.signature.KeyAlgorithm.generateSignature(KeyAlgorithm.java:43)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:316)
... 10 more
Caused by: java.security.SignatureException: Could not sign data
at java.base/sun.security.rsa.RSASignature.engineSign(RSASignature.java:196)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1423)
at java.base/java.security.Signature.sign(Signature.java:712)
at com.trilead.ssh2.signature.KeyAlgorithm.generateSignature(KeyAlgorithm.java:41)
... 11 more
Caused by: javax.crypto.BadPaddingException: RSA private key operation failed
at java.base/sun.security.rsa.RSACore.crtCrypt(RSACore.java:209)
at java.base/sun.security.rsa.RSACore.rsa(RSACore.java:130)
at java.base/sun.security.rsa.RSASignature.engineSign(RSASignature.java:193)
... 14 more
[08/24/22 14:39:14] [SSH] Authentication failed.
From the machine on which Jenkins is installed, I can connect to a remote one using:
ssh name@host -p 22
All the solutions I found for this issue were applied through the console under the user Jenkins.
But how can this issue be solved using the Jenkins UI? The connection to the previously created Node is active; the problems are only with this one. Maybe he indicated something wrong.
The private key was created using:
ssh-keygen -t rsa
I took the key from rsa_id
I had the same issue. I think it's a bug.
I changed the type of ssh-key to ed25519 and it worked.
ssh-keygen -t ed25519

Installing cosmos db emulator SSL certificate in docker redhat/kafka-connect container

I did the setup of the Cosmos DB emulator on the local machine, and started with the following parameters:
/port=443 /AllowNetworkAccess /Key=<CosmosPrimaryKey>
And currently, it is accessible via https://<LocalMachineIP>/
When I tried to make a curl request from the docker Redhat container (using docker image: confluentinc/cp-kafka-connect) it throws the below error:
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And when trying to create the Cosmos DB source connector, it throws the below error:
[20 10:37:45,018] ERROR Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java (com.azure.cosmos.implementation.RxDocumentClientImpl)
[2022-05-20 10:37:45,079] ERROR unexpected failure in initializing client. (com.azure.cosmos.implementation.RxDocumentClientImpl)
java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
at com.azure.cosmos.implementation.RxDocumentClientImpl.initializeGatewayConfigurationReader(RxDocumentClientImpl.java:401)
.......
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
[2022-05-20 10:37:45,095] WARN [8e2a220b, L:/172.25.0.6:57076 ! R:/192.168.154.131:443] The connection observed an error (reactor.netty.http.client.HttpClientConnect)
shaded.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
..........
at shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
.........
at shaded.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
.....................
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 37 more
I have exported the cosmos emulator .cer file using this article.
How to install it in the Docker container "kafka-connect"?
Can you post your curl request?
You need to use the -k flag to denote that it’s insecure.
curl -k https://{emulatoripaddr}:8081/_explorer/emulator.pem > emulatorcert.crt
It needs to be .crt
Then copy it to
/usr/local/share/ca-certificates/
Then install it
update-ca-certificates
Additionally you can mount a volume to the cosmos folder and save the .pem manually… /tmp/cosmos/appdata
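An added example, not part of the original answer: because `curl -k` skips verification, the downloaded file can be compared against a fingerprint read on the emulator host itself, and checked for expiry, before it is installed as a trust anchor. The function names, the 7-day validity margin and the throwaway sample certificates are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: vet a certificate that was fetched without TLS verification
# (curl -k) before it is copied into a trust store.

MIN_VALIDITY_SECONDS=604800   # assumption: demand at least 7 days of validity

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//' | tr -d ':'
}

# Succeed only if the certificate is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# $1 = downloaded PEM file, $2 = fingerprint read out-of-band on the server.
# Returns 0 = safe to install, 1 = fingerprint mismatch, 3 = expired/expiring.
safe_to_trust() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    have=$(cert_fingerprint "$1" 2>/dev/null)
    [ -n "$have" ] && [ "$have" = "$want" ] || return 1
    cert_valid_for "$1" "$MIN_VALIDITY_SECONDS" || return 3
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the emulator certificate. $1 = output path prefix, $2 = lifetime in days.
make_sample_cert() {
    openssl req -x509 -nodes -newkey rsa:2048 -days "$2" \
        -subj "/CN=emulator.invalid" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/real" 365      # what the server really serves
    make_sample_cert "$dir/swapped" 365   # what an intercepted download would hold
    pinned=$(cert_fingerprint "$dir/real.crt")   # stands in for the out-of-band value
    for f in real swapped; do
        if safe_to_trust "$dir/$f.crt" "$pinned"; then
            echo "$f.crt: fingerprint matches, ok to install"
        else
            echo "$f.crt: rejected (code $?)"
        fi
    done
    rm -rf "$dir"
}

demo
```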

Jenkins unable to connect SonarQube using https & SSL

Environment details
SonarQube – Version - 6.7.6(LTS)
OS – CentOS – 7.6
Protocol- Https
Certificate: SSL – Self Signed.
Jenkins: 2.164.1
Sonar Scanner Version - 3.3.0.1492
Nginx configured for reverse proxy.
On my SonarQube server, I have created a self-signed certificate using the below command.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/ssl-key/sonarqube.key -out /root/ssl-key/sonarqube.crt
From Jenkins, while analyzing the code, I am getting the below errors
11:30:33.957 ERROR: SonarQube server [https://sonarqube/sonar] can not be reached
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.958 INFO: EXECUTION FAILURE
11:30:33.958 INFO: ------------------------------------------------------------------------
11:30:33.959 INFO: Total time: 0.487s
11:30:33.987 INFO: Final Memory: 4M/121M
11:30:33.987 INFO: ------------------------------------------------------------------------
11:30:33.988 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:100)
at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have the following two files on my SonarQube server (sonarqube.key and sonarqube.crt). Later I copied these two files to my Jenkins server and executed again; it is still failing with the same errors.
Since Jenkins runs on Java, you need to get Java to trust your self-signed certificate. You do this by using Java's keytool command to import the certificate (not the key) from your Sonarqube server into Java's cacerts truststore:
keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias SonarQube -file sonarqube.crt
Alternatively you may be able to use tools such as Portecle to perform the import if you have GUI based access to your Jenkins host.

Create & Join Channel in Hyperledger Fabric Build your First Network Walk Through

I am trying to create a channel according to the documentation
Hyperledger Fabric v1.0 docs
I have an issue with the certificate. On the docker "hyperledger/fabric-tools" node I can find the certificate with the current name - tlsca.example.com. But the channel cannot be created. I have a certificate handshake issue. Should I check/mount the certificate to the peer node?
root@4b6423da537b:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com# peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2017-07-27 16:49:58.949 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2017-07-27 16:49:58.949 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2017-07-27 16:49:58.954 UTC [grpc] Printf -> DEBU 003 Failed to dial orderer.example.com:7050: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.example.com\")"; please retry.
Error: Error connecting due to rpc error: code = Internal desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.example.com\")"
Usage:
Thanks.
I met the same problem, and ran this command to close the network.
./network_setup.sh down mychannel
The cause of my problem was that the source code had an error. So I fixed this code error and reopened the network. That solved the problem.
It would seem that you are in the incorrect working directory. When running the sample manually, you start the cli container and it places you in the /opt/gopath/src/github.com/hyperledger/fabric/peer directory. That is where you should be running the peer command. It would seem from your post that you were running the peer command in the /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com directory in the container, and it is not finding the configuration files that were mounted for the example.
