fabric-ca 如何生成客户端证书文件和密钥文件？

Question

fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 -c fabric-ca-client-config.yaml

错误：POST 失败 [Post https://localhost:7054/enroll: x509: 证书对 example.com 有效，而不是 localhost]；不发送

fabric-ca-client-config.yaml

tls:

启用：真

certfiles: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt

客户：

certfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.crt
keyfile: crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/server.key

docker-compose.yaml

ca.org1.example.com：

image: hyperledger/fabric-ca
environment:
  - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
  - FABRIC_CA_SERVER_TLS_ENABLED=true
  - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
  - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${PRIVATE_KEY}
ports:
  - "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
  - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com

fabric-ca-client

fabric-ca-client enroll -u https://admin:adminpw@example.com:7054 -c fabric-ca-client-config.yaml

错误：POST 失败 [Post https://example.com:7054/enroll: x509: certificate signed by unknown authority];不发送

Answer 1

这里的问题是，fabric-ca-server 正在使用的 TLS 服务器证书是为 "example.com" 颁发的，而您正试图以 "localhost 的身份访问它"。

你可以

• 为 fabric-ca-server 禁用 TLS 以继续前进
• 为fabric-ca-server创建了一个对localhost有效的新TLS证书（我相信当fabric-ca-server自动生成TLS证书时它应该对localhost有效）
• 在您的主机文件中添加一个条目，将 "example.com" 映射到 127.0.0.1