AWS managed hyperledger fabric v1.4.7 blockchain - Getting bad certificate error when connecting to the fabric network #fabric #aws


neeroz.kumar29@...
 

I have deployed an AWS managed Hyperledger Fabric v1.4.7 blockchain. The HLF blockchain network and the EC2 instance (hlf-client) are in the same VPC and everything seems to be working fine since I am able to invoke transactions using the cli container.

I have my client-app which is using fabric-sdk-go gateway API to connect to the fabric network using the connection-profile.yaml to invoke/query the blockchain. This client-app is running in a docker container on the same EC2 instance as the cli container which has all the necessary security configuration. The client-app is unable to connect to the fabric network due to a bad certificate error.

If anyone has used AWS managed Hyperledger Fabric blockchain, could you please let me know whether there's something wrong with my configuration or whether I have missed any additional config? I could not find any relevant sources with respect to this.

The client app is giving error logs as:

2021/11/02 10:44:17 error: Failed to create new channel client: event service creation failed: could not get chConfig cache reference: QueryBlockConfig failed: QueryBlockConfig failed: queryChaincode failed: Transaction processing for endorser [nd-xxxxx.m-xxxxxx.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.ap-xxxxx-1.amazonaws.com:30003]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [nd-xxxxxxx.m-xxxxxxx.n-xxxxxx.managedblockchain.xxxxxxx.com:30003]: connection is in TRANSIENT_FAILURE

The peer logs are as:
2021-11-02 10:54:17.388 UTC [grpc] handleRawConn -> DEBU 397f48 grpc: Server.Serve failed to complete security handshake from "10.0.2.131:25888": remote error: tls: bad certificate
2021-11-02 10:54:17.388 UTC [core.comm] ServerHandshake -> ERRO 397f47 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.0.2.131:25888

My connection-profile.yaml is as:
---
name: n-RH3K6KAHFND6BGTXXGRU7C3B5Q
version: 1.0.0
client:
  organization: Org1
  connection:
    timeout:
      peer:
        endorser: "300"
channels:
  mychannel:
    peers:
      nd-CJFWWNIMUJABLLEVL6YITQQMXI:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
organizations:
  Org1:
    mspid: m-L3ASCXXBINCWRBTIRBGPP4BP7U
    peers:
      - nd-CJFWWNIMUJABLLEVL6YITQQMXI
    certificateAuthorities:
      - m-L3ASCXXBINCWRBTIRBGPP4BP7U
peers:
  nd-CJFWWNIMUJABLLEVL6YITQQMXI:
    url: grpcs://nd-xxxxx.m-xxxxxx.n-xxxxx.managedblockchain.ap-xxxxxx-1.amazonaws.com:30003
    eventUrl: grpcs://nd-xxxxx.m-xxxx.n-xxxxxx.managedblockchain.ap-xxxxx-1.amazonaws.com:30004
    grpcOptions:
      ssl-target-name-override: nd-CJFWWNIMUJABLLEVL6YITQQMXI
    tlsCACerts:
      path: /home/ec2-user/managedblockchain-tls-chain.pem
certificateAuthorities:
  m-L3ASCXXBINCWRBTIRBGPP4BP7U:
    url: https://ca.m-xxxxx.n-xxxxxxx.managedblockchain.ap-xxxxx-1.amazonaws.com:30002
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/ec2-user/managedblockchain-tls-chain.pem
    caName: m-L3ASCXXBINCWRBTIRBGPP4BP7U
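
Added example, not part of the original post or of fabric-sdk-go: with Go's TLS stack, "remote error: tls: bad certificate" in the peer log means the connecting client sent that alert after rejecting the peer's certificate, and the profile settings that feed that client-side check are tlsCACerts and ssl-target-name-override. The sketch below separates the two failure modes offline with crypto/x509, assuming the override is used as the verified server name; the CA, the certificate and the name nd-example.constructed.test are constructed test values, and issue and diagnose are hypothetical helpers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, sans []string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: sans, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed root
		tpl.IsCA, tpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, signer = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// diagnose classifies the client-side check: roots ~ tlsCACerts, name ~ ssl-target-name-override.
func diagnose(leaf *x509.Certificate, roots *x509.CertPool, name string) string {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	switch err.(type) {
	case nil:
		return "ok"
	case x509.HostnameError: // name is not among the certificate's SANs
		return "hostname-mismatch"
	case x509.UnknownAuthorityError: // CA bundle does not chain to the certificate
		return "unknown-authority"
	}
	return "other: " + err.Error()
}

func main() {
	ca, caKey := issue("constructed-ca", nil, nil, nil)
	leaf, _ := issue("peer", []string{"nd-example.constructed.test"}, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	fmt.Println(diagnose(leaf, pool, "nd-example.constructed.test"), diagnose(leaf, pool, "nd-example"))
}
```

Against a real endpoint, the same classification applies to the error returned by a tls.Dial that uses the profile's CA file as RootCAs and the override as ServerName.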
