toggle quoted messageShow quoted text
Please don't put external links in your emails, many of us
have that blocked
Instead just copy/paste the actual text, which is also
preferable to screen shots.
On 9/11/2019 4:53 AM, Jean-Gaël Dominé
After a lot of struggle, I managed to progress without using a
multi-root CA. My issue was that neither the Common Name nor the
SAN of my certificates matched the name of the component it was
My workaround was to overwrite the SAN using the --csr.hosts
option of the fabric-ca-client command.
I still have an issue though that prevents the orderer and peers
to communicate (I get many tls handshake errors). To me, it seems
that the problem is coming from the tlsca certificate I get back
from the enrollment process.
For instance, when looking at a peer tlsca certificate obtained
using cryptogen, here is what it contains:
And when I take a look at the one obtained using the CA client, I
see the root CA...
NB: by tlsca certificate, I mean the file located in the tlsca
sub-folder of the tls folder
Does somebody have an idea why it does that and how to solve this?