openssl s_client connection not working - unable to get local issuer certificate

Question    Votes: 0    Answers: 1

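I am trying to connect to a Fabric-CA server from my local computer. The CA server runs in a Docker environment, and I am trying to bring up my Hyperledger Fabric network with SSL certificates. I tested with the command: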

openssl s_client -connect 0.0.0.0:7054

These errors appear and prevent me from securely performing other functions on the network:

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
verify return:1
---
Certificate chain
 0 s:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
   i:C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Oct 13 18:11:00 2023 GMT; NotAfter: Oct 12 18:11:00 2024 GMT
---
Server certificate
subject=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = 01258cf66abd
issuer=C = US, ST = North Carolina, O = Hyperledger, OU = Fabric, CN = ca-org1.modbus2chain.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 973 bytes and written 357 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 311FA2527934B1CA07F078FDA7214ADC671780547E010B17B919DDC4D3862143
    Session-ID-ctx:
    Resumption PSK: D1F320B61597431E191596EEF0FBC7C9BEC4C38494FE7681E1755675A169F083
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    Start Time: 1697222773
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Can anyone give me some advice?

docker ssl openssl hyperledger-fabric hyperledger-fabric-ca
1 Answer
0
votes

Why are you trying to use openssl? The usual approach is to connect to the container and run commands from inside:

docker exec -it ca.sample.org sh 

Or have the Fabric binaries in your local environment (fabric-samples/bin in your PATH) and run commands directly against the CA, for example:

# remember to set up the fabric ca client home env var
export FABRIC_CA_CLIENT_HOME=$PWD
# Enroll CA admin user
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054

# List Identities
fabric-ca-client identity list
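
Verify errors 20 and 21 in the question's output mean the client had no trusted copy of the certificate's issuer. The following is an added example, not part of the original question or answer: it builds a throwaway CA and server certificate (all subjects and file names are constructed) and shows error 20 going away once the issuing CA certificate is supplied with -CAfile.

```bash
#!/usr/bin/env bash
# Constructed demo: a throwaway CA and server certificate stand in for the
# issuing CA and the TLS certificate it signed. Every file name and subject
# below is hypothetical and lives in a temporary directory.

# Create a P-256 CA and a server certificate signed by it inside directory $1.
make_demo_pki() {
  local dir=$1
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 1 \
    -subj "/O=Demo/CN=ca.demo.example" -out "$dir/ca.pem" 2>/dev/null
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/srv.key"
  openssl req -new -key "$dir/srv.key" -sha256 \
    -subj "/O=Demo/CN=server.demo.example" -out "$dir/srv.csr" 2>/dev/null
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 1 -out "$dir/srv.pem" 2>/dev/null
}

# Print the verify error number openssl reports for certificate $1 (0 = OK).
# Remaining arguments (for example -CAfile) are passed to "openssl verify".
verify_errnum() {
  local cert=$1 out
  shift
  if out=$(openssl verify "$@" "$cert" 2>&1); then
    echo 0
  else
    # Failure output contains a line such as "error 20 at 0 depth lookup: ..."
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

demo=$(mktemp -d)
make_demo_pki "$demo"
# The default trust store does not contain the demo CA, so the issuer lookup fails.
echo "without trust anchor: verify error $(verify_errnum "$demo/srv.pem")"
# Supplying the issuing CA certificate as the trust anchor completes the chain.
echo "with -CAfile ca.pem:  verify error $(verify_errnum "$demo/srv.pem" -CAfile "$demo/ca.pem")"
rm -rf "$demo"
```

Against a live server the same trust anchor is passed to s_client with -CAfile; the location of the issuing CA's certificate depends on the deployment and is not given on this page.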