When I run fabric-sdk-go code in the Fabric network, a certificate problem happens.
Firstly, when I create the Fabric SDK client, I get a warning:
[fabsdk/util] 2023/02/20 13:04:42 UTC - lazyref.(*Reference).refreshValue -> WARN Error - initializer returned error: load MSPs from config failed: configure MSP failed: sanitizeCert failed the supplied identity is not valid: x509: certificate signed by unknown authority. Will retry again later
Then, when I tried to invoke the chaincode, I got an error:
invoke chaincode error: signature validation failed: Endorser Client Status Code: (8) SIGNATURE_VERIFICATION_FAILED. Description: the creator certificate is not valid
The invoke command works well in the fabric-cli container, so it confuses me. I checked the Fabric SDK's config file and found nothing wrong compared with fabric-sdk-go's test config file.
Fabric version: 2.2.9. I have 2 orgs and each org has 2 peers.
Here is my fabric-sdk config file:
name: "example-network"
#
# Schema version of the content. Used by the SDK to apply the corresponding parsing rules.
#
version: 1.0.0
#
# The client section used by GO SDK.
#
client:
  organization: Org1
  logging:
    level: info
  peer:
    timeout:
      connection: 10s
      response: 180s
      discovery:
        greylistExpiry: 10s
        registrationResponse: 10s
  orderer:
    timeout:
      connection: 3s
      response: 10s
  global:
    timeout:
      query: 45s
      execute: 60s
      resmgmt: 60s
    cache:
      connectionIdle: 30s
      eventServiceIdle: 2m
      channelConfig: 60s
      channelMembership: 30s
  cryptoconfig:
    path: ${GOPATH}/src/test-network/fixtures/crypto-config
  credentialStore:
    path: "/tmp/example-store"
    cryptoStore:
      path: /tmp/example-msp
  # BCCSP config for the client. Used by GO SDK.
  BCCSP:
    security:
      enabled: true
      default:
        provider: "SW"
      hashAlgorithm: "SHA2"
      softVerify: true
      level: 256
  tlsCerts:
    # [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
    systemCertPool: false
    # [Optional]. Client key and cert for TLS handshake with peers and orderers
    client:
      key:
        path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/users/User1@org1.root.example.com/tls/client.key
      cert:
        path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/users/User1@org1.root.example.com/tls/client.crt
channels:
  # name of the channel
  mychannel:
    peers:
      peer0.org1.root.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
      peer1.org1.root.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
      peer0.org2.root.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
      peer1.org2.root.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
    policies:
      queryChannelConfig:
        minResponses: 1
        maxTargets: 1
        retryOpts:
          attempts: 5
          initialBackoff: 500ms
          maxBackoff: 5s
          backoffFactor: 2.0
      discovery:
        maxTargets: 2
        retryOpts:
          attempts: 4
          initialBackoff: 500ms
          maxBackoff: 5s
          backoffFactor: 2.0
      eventService:
        resolverStrategy: PreferOrg
        balancer: Random
        blockHeightLagThreshold: 5
        reconnectBlockHeightLagThreshold: 10
        peerMonitorPeriod: 5s
organizations:
  Org1:
    mspid: Org1MSP
    cryptoPath: peerOrganizations/org1.root.example.com/users/{userName}@org1.root.example.com/msp
    peers:
      - peer0.org1.root.example.com
      - peer1.org1.root.example.com
    certificateAuthorities:
      - ca.org1.root.example.com
  Org2:
    mspid: Org2MSP
    cryptoPath: peerOrganizations/org2.root.example.com/users/{userName}@org2.root.example.com/msp
    peers:
      - peer0.org2.root.example.com
      - peer1.org2.root.example.com
    certificateAuthorities:
      - ca.org2.root.example.com
  # Orderer Org name
  ordererorg:
    # Membership Service Provider ID for this organization
    mspID: OrdererMSP
    # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
    cryptoPath: ordererOrganizations/root.example.com/users/Admin@root.example.com/msp
orderers:
  orderer.root.example.com:
    url: localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.root.example.com
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      allow-insecure: false
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/ordererOrganizations/root.example.com/tlsca/tlsca.root.example.com-cert.pem
peers:
  peer0.org1.root.example.com:
    url: localhost:7051
    eventUrl: localhost:7053
    grpcOptions:
      ssl-target-name-override: peer0.org1.root.example.com
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      allow-insecure: false
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/tlsca/tlsca.org1.root.example.com-cert.pem
  peer1.org1.root.example.com:
    url: localhost:8051
    eventUrl: localhost:8053
    grpcOptions:
      ssl-target-name-override: peer1.org1.root.example.com
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      allow-insecure: false
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/tlsca/tlsca.org1.root.example.com-cert.pem
  peer0.org2.root.example.com:
    url: localhost:9051
    eventUrl: localhost:9053
    grpcOptions:
      ssl-target-name-override: peer0.org2.root.example.com
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      allow-insecure: false
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org2.root.example.com/tlsca/tlsca.org2.root.example.com-cert.pem
  peer1.org2.root.example.com:
    url: localhost:10051
    eventUrl: localhost:10053
    grpcOptions:
      ssl-target-name-override: peer1.org2.root.example.com
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      allow-insecure: false
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org2.root.example.com/tlsca/tlsca.org2.root.example.com-cert.pem
certificateAuthorities:
  ca.org1.root.example.com:
    url: http://localhost:7054
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/ca/ca.org1.root.example.com-cert.pem
      client:
        key:
          path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/users/User1@org1.root.example.com/tls/client.key
        cert:
          path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org1.root.example.com/users/User1@org1.root.example.com/tls/client.crt
    registrar:
      enrollId: admin
      enrollSecret: adminpw
    caName: ca.org1.root.example.com
  ca.org2.root.example.com:
    url: http://localhost:8054
    tlsCACerts:
      path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org2.root.example.com/ca/ca.org2.root.example.com-cert.pem
      client:
        key:
          path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org2.root.example.com/users/User1@org2.root.example.com/tls/client.key
        cert:
          path: ${GOPATH}/src/test-network/fixtures/crypto-config/peerOrganizations/org2.root.example.com/users/User1@org2.root.example.com/tls/client.crt
    registrar:
      enrollId: admin
      enrollSecret: adminpw
    caName: ca.org2.root.example.com
entityMatchers:
  peer:
    - pattern: (\w*)peer0.org1.root.example.com(\w*)
      urlSubstitutionExp: localhost:7051
      eventUrlSubstitutionExp: localhost:7053
      sslTargetOverrideUrlSubstitutionExp: peer0.org1.root.example.com
      mappedHost: peer0.org1.root.example.com
    - pattern: (\w*)peer1.org1.root.example.com(\w*)
      urlSubstitutionExp: localhost:8051
      eventUrlSubstitutionExp: localhost:8053
      sslTargetOverrideUrlSubstitutionExp: peer1.org1.root.example.com
      mappedHost: peer1.org1.root.example.com
    - pattern: (\w*)peer0.org2.root.example.com(\w*)
      urlSubstitutionExp: localhost:9051
      eventUrlSubstitutionExp: localhost:9053
      sslTargetOverrideUrlSubstitutionExp: peer0.org2.root.example.com
      mappedHost: peer0.org2.root.example.com
    - pattern: (\w*)peer1.org2.root.example.com(\w*)
      urlSubstitutionExp: localhost:10051
      eventUrlSubstitutionExp: localhost:10053
      sslTargetOverrideUrlSubstitutionExp: peer1.org2.root.example.com
      mappedHost: peer1.org2.root.example.com
  orderer:
    - pattern: (\w*)orderer.root.example.com(\w*)
      urlSubstitutionExp: localhost:7050
      sslTargetOverrideUrlSubstitutionExp: orderer.root.example.com
      mappedHost: orderer.root.example.com
  certificateAuthorities:
    - pattern: (\w*)ca.org1.root.example.com(\w*)
      urlSubstitutionExp: http://localhost:7054
      mappedHost: ca.org1.root.example.com
    - pattern: (\w*)ca.org2.root.example.com(\w*)
      urlSubstitutionExp: http://localhost:8054
      mappedHost: ca.org2.root.example.com
And the error code and debug info:
    req := channel.Request{
        ChaincodeID: request.ChaincodeID, // businessCC
        Fcn:         request.Fcn,         // modifyInfo
        Args:        request.Args,        // https://172.60.65.49:9001/chain/
    }
    reqPeers := channel.WithTargetEndpoints(c.PeerList...) // github.com/hyperledger/fabric-sdk-go/pkg/client/channel.WithTargetEndpoints.func1
    resp, err := c.cc.Execute(req, reqPeers)
I'm not sure whether the error was caused by the warning, and I can't solve the MSP's certificate problem after I checked the network's configuration. Can anyone help me with this?
Try lowering the Go version to 1.18; I solved the problem this way.