Thanks for the prompt reply. We are trying to use a fabric sample that has mutual TLS enabled, with HLExplorer as a client, but it looks like fabric doesn't provide one, so we will have to modify the balance transfer client in order to use mutual TLS.
Another question is how to generate the client key and cert, and do both the key and cert need to be registered on the fabric-ca server? It is not clear, and what type of tools can we use to generate both?
The error message clearly says that the server (peer) did not receive the correct client certificate.
I assume that, along with CORE_PEER_TLS_CLIENTAUTHREQUIRED = true, you have set the env variables below correctly:
- CORE_PEER_TLS_CLIENTROOTCAS_FILES = CA certificate
- CORE_PEER_TLS_CLIENTCERT_FILE = client certificate
- CORE_PEER_TLS_CLIENTKEY_FILE = client key
You may use the fabric-ca to generate these client certificates. If you wish to use OpenSSL to generate client certs, keep in mind that RSA keys are not supported by fabric.
You have to assign these certificates to the client instance as well. I prefer to do it this way.
I would have used curl to verify the 2-way TLS authentication configuration, if it was https.
curl -v --cacert ./ca.crt --key ./client.key --cert ./client.crt https://abc.com
Furthermore, you may check out this blog, could be of some help.
On Thu, Mar 28, 2019 at 1:07 AM Nick Frunza <nfrunza@...
Are there any fabric samples with Mutual TLS enabled, aka. CORE_PEER_TLS_CLIENTAUTHREQUIRED=true ?
I enabled balance transfer with Mutual TLS, but it fails when running testAPI.sh with error:
2019-03-27T20:57:05.419Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7051
[2019-03-27 16:57:05.419] [ERROR] Query - Error: Failed to connect before the deadline URL:grpcs://localhost:7051
at checkState (/home/mn/git/fabric-network/fabric-samples/balance-transfer/node_modules/grpc/src/client.js:720:16)
E0327 16:57:10.541722858 7375 ssl_transport_security.cc:219] ssl_info_callback: error occured.
E0327 16:57:10.541763890 7375 ssl_transport_security.cc:1227] Handshake failed with fatal error SSL_ERROR_SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate.
E0327 16:57:12.156285882 7375 ssl_transport_security.cc:219] ssl_info_callback: error occured.
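
For the question in this thread about generating a client key and certificate with OpenSSL, the following is an added example, not code from the thread or from the Fabric project. It builds a throwaway ECDSA P-256 CA and client certificate and runs pre-flight checks on them; the function names, subject names, 30-day validity and curve choice are assumptions, and the output file names follow the curl command in the reply.

```sh
#!/bin/sh
# Added example: throwaway EC CA + client certificate, then pre-flight checks.
# Subject names and validity are constructed values for illustration only.
# Usage: make_mtls_material ./tls &&
#        check_client_material ./tls/ca.crt ./tls/client.crt ./tls/client.key

make_mtls_material() {   # $1 = output directory
  d="$1"; mkdir -p "$d"
  cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  # EC keys only: the reply notes that RSA keys are not supported by Fabric
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/ca.key" &&
  openssl req -new -x509 -config "$d/openssl.cnf" -extensions v3_ca \
    -key "$d/ca.key" -subj "/CN=Example TLS CA" -days 30 -out "$d/ca.crt" &&
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/client.key" &&
  openssl req -new -config "$d/openssl.cnf" -key "$d/client.key" \
    -subj "/CN=example-client" -out "$d/client.csr" &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/openssl.cnf" -extensions v3_client \
    -out "$d/client.crt"
}

cert_key_alg() {         # prints e.g. id-ecPublicKey or rsaEncryption
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public Key Algorithm: //p' | head -n 1
}

# $1 = CA cert, $2 = client cert, $3 = client key; returns 0 only if all pass
check_client_material() {
  [ "$(cert_key_alg "$2")" = "id-ecPublicKey" ] ||
    { echo "FAIL: certificate key is not EC"; return 1; }
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ] ||
    { echo "FAIL: private key does not match certificate"; return 1; }
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "FAIL: certificate does not chain to the CA"; return 1; }
  echo "OK"
}
```

The CA certificate checked here has to be the one the peer is given in CORE_PEER_TLS_CLIENTROOTCAS_FILES, otherwise the handshake still ends in the "bad certificate" alert shown in the log.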