
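Using softHSM: why is my orderer still looking for the private key at the Orderer.General.TLS.Privatekey path?

Stack Overflow user
Asked 2021-06-02 09:08:17
Answers: 1, Views: 184, Followers: 0, Votes: 0

I got some errors when I tried to use softHSM to store the private key.

Please tell me what the problem is.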

  1. Hyperledger Fabric version: v2.3
  2. Orderer binary:

git clone -b release-2.3 https://github.com/hyperledger/fabric.git
GO_TAGS=pkcs11 make orderer

  3. .yaml files:

fabric-ca-client-config.yaml, fabric-ca-server-config.yaml

bccsp:
    default: PKCS11
    pkcs11:
        Library: /usr/local/lib/softhsm/libsofthsm2.so
        Pin: "123"
        Label: fabric
        hash: SHA2
        security: 256
        Immutable: false

core.yaml, orderer.yaml

    BCCSP:
        Default: "PKCS11"
        # Settings for the SW crypto provider (i.e. when DEFAULT: SW)
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination
            # SHA2 is hardcoded in several places, not only BCCSP
            Hash: SHA2
            Security: 256
            # Location of Key Store
            FileKeyStore:
                # If "", defaults to 'mspConfigPath'/keystore
                KeyStore:
        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        PKCS11:
            # Location of the PKCS11 module library
            Library: /usr/local/lib/softhsm/libsofthsm2.so
            # Token Label
            Label: fabric
            # User PIN
            Pin: "123"
            Hash: SHA2
            Security: 256

1 Answer

Stack Overflow user

Answered 2021-06-02 09:09:00

More details:

  4. Commands:

export FABRIC_CFG_PATH=/root/fabric-softHSM
export FABRIC_CFG_CLIENT_HOME=/root/fabric-softHSM/ca2admin

fabric-ca-server start -b ca2admin:ca2pw --cfg.affiliations.allowremove --cfg.identities.allowremove \
--csr.hosts ca2.server --home $FABRIC_CFG_PATH/ca2server -n ca2

## ca admin
fabric-ca-client enroll -u http://ca2admin:ca2pw@ca2.server:7054 --home $FABRIC_CFG_PATH/ca2admin \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2

mv $FABRIC_CFG_CLIENT_HOME/msp/cacerts/*-7054.pem $FABRIC_CFG_CLIENT_HOME/msp/cacerts/ca.crt

## orderer
fabric-ca-client affiliation --home $FABRIC_CFG_CLIENT_HOME add ordorg2

### admin register & enroll
fabric-ca-client register -u http://ca.server:7054 --id.name admin.ordorg2 --id.secret admin.ordorg2pw --id.affiliation ordorg2 --id.type admin \
--id.attrs '"hf.Registrar.Roles=client,orderer,peer,user,admin","hf.Registrar.DelegateRoles=client,orderer,peer,user,admin",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' \
--home $FABRIC_CFG_PATH/ca2admin

fabric-ca-client getcainfo -u http://ca.server:7054 -m ca.server --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -M $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/msp

mkdir -p $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/.

fabric-ca-client enroll -u http://admin.ordorg2:admin.ordorg2pw@ca.server:7054 -m admin.ordorg2 --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2

mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/*.pem  $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/signcerts/cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem

### orderer register & enroll

fabric-ca-client register  --id.name ord0.ordorg2  --id.secret=ord0.ordorg2pw  --id.type orderer  --id.affiliation ordorg2  --id.attrs 'hf.Registrar.Roles=orderer:ecert'  \
--home $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2
 
mkdir -p orgs/ordorgs/ordorg2/orderers/ord0.ordorg2
cp ~/config-softHSM/fabric-ca-client-config.yaml orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/.

fabric-ca-client enroll -u http://ord0.ordorg2:ord0.ordorg2pw@ca.server:7054 -m ord0.ordorg2  --enrollment.profile tls \
--csr.hosts ca2.server,admin.ordorg2,ord0.ordorg2,ord1.ordorg2,ord2.ordorg2 -H $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2

mv $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/*-7054.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/cacerts/ca.crt
mkdir $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts
cp $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/admincerts/admin.ordorg2-cert.pem $FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/admincerts/admin.ordorg2-cert.pem 

### orderer start

export ORDERER_GENERAL_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_TLS_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_GENERAL_BOOTSTRAPMETHOD=none
export ORDERER_GENERAL_LOCALMSPID=ordorg2MSP
export ORDERER_GENERAL_LOCALMSPDIR=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp

export ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_CLUSTER_ROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CHANNELPARTICIPATION_ENABLED=true
export ORDERER_ADMIN_LISTENADDRESS=ord0.ordorg2:7078
export ORDERER_ADMIN_TLS_ENABLED=true
export ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED=true

export ORDERER_ADMIN_TLS_CERTIFICATE=$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/orderers/ord0.ordorg2/msp/signcerts/cert.pem
export ORDERER_GENERAL_LISTENADDRESS=ord0.ordorg2
export ORDERER_OPERATIONS_LISTENADDRESS=ord0.ordorg2:8445
export ORDERER_FILELEDGER_LOCATION=/root/ordorgs/ordorg2/ord0.ordorg2
export ORDERER_ADMIN_TLS_CLIENTROOTCAS=[$FABRIC_CFG_PATH/orgs/ordorgs/ordorg2/users/admin.ordorg2/msp/tlscacerts/ca.crt]
export ORDERER_CONSENSUS_WALDIR=/var/hyperledger/production/orderer/etcdraft/wal/ord0.ordorg2
export ORDERER_CONSENSUS_SNAPDIR=/var/hyperledger/production/orderer/etcdraft/snapshot/ord0.ordorg2

orderer start

  5. Error:

2021-06-02 18:02:08.195 KST [msp] Validate -> DEBU 03e MSP ordorg2MSP validating identity
2021-06-02 18:02:08.195 KST [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2021-06-02 18:02:08.196 KST [orderer.common.server] initializeServerConfig -> FATA 040 Failed to load PrivateKey file '/root/fabric-softHSM' (read /root/fabric-softHSM: is a directory)
Votes: 0
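
The FATA line above names the config directory itself (`/root/fabric-softHSM`) as the PrivateKey file, which is what an empty key path looks like once it is joined onto `FABRIC_CFG_PATH`. The pre-flight check below is an added example, not part of the original post or of Fabric; the function names and the resolution rule (empty or relative values joined onto the config directory) are assumptions inferred from that log line.

```shell
#!/bin/sh
# Added example: pre-flight check for the orderer's TLS private key path.
# Assumption (inferred from the FATA line on this page): an empty or relative
# General.TLS.PrivateKey value is joined onto the config directory.

# resolve_key_path CFG_DIR VALUE: print the path that would be read.
resolve_key_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;        # absolute: used as is
        "") printf '%s\n' "$1" ;;        # empty: collapses to the config dir
        *)  printf '%s\n' "$1/$2" ;;     # relative: joined onto the config dir
    esac
}

# check_tls_key CFG_DIR VALUE: print a verdict; return 0 only if loadable.
check_tls_key() {
    path=$(resolve_key_path "$1" "$2")
    if [ -d "$path" ]; then
        echo "FAIL: $path is a directory (PrivateKey unset or empty?)"
        return 1
    elif [ ! -f "$path" ]; then
        echo "FAIL: $path does not exist"
        return 1
    elif [ ! -r "$path" ]; then
        echo "FAIL: $path is not readable"
        return 1
    elif ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$path"; then
        echo "FAIL: $path holds no PEM private key"
        return 1
    fi
    echo "OK: $path"
}

# Constructed demo: a throwaway directory stands in for FABRIC_CFG_PATH.
demo() {
    cfg=$(mktemp -d)
    mkdir -p "$cfg/tls"
    # Placeholder PEM markers only; this is not a real key.
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
        '-----END PRIVATE KEY-----' > "$cfg/tls/server.key"
    check_tls_key "$cfg" "" || true            # reproduces "is a directory"
    check_tls_key "$cfg" "tls/server.key"      # file-based key passes
    rm -rf "$cfg"
}

demo
```

Against a real setup, call `check_tls_key "$FABRIC_CFG_PATH" "$ORDERER_GENERAL_TLS_PRIVATEKEY"` before `orderer start`.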
Original page content provided by Stack Overflow; translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://stackoverflow.com/questions/67802143
