You can't use HSM to store TLS keys.
From: "Jean-Gaël Dominé" <jgdomine@...>
Date: 12/06/2019 03:55 PM
Subject: [EXTERNAL] [Hyperledger Fabric] #hsm #raft Raft and HSM in the same network
Sent by: fabric@...
I'm currently trying to set up a network using Raft and HSM. Before adding HSM, everything was correctly working.
But when adding HSM, the private keys are not mounted on the containers anymore (orderers and peers).
The peers seem to be still working but with the orderer I get the following error:
2019-12-06 10:21:03.476 UTC [orderer.common.server] extractSysChanLastConfig -> INFO 003 Bootstrapping because no existing channels
2019-12-06 10:21:03.480 UTC [orderer.common.server] initializeClusterClientConfig -> FATA 004 Failed to load client TLS key file '' (open : no such file or directory)
After a quick test, I managed to confirm that it was the ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEYthat was the root cause of the error. I do not set it on purpose since I don't have it anymore but it seems to me that raft keeps looking for the private key.
Is Raft and HSM incompatible in Fabric right now (version 1.4.3 of the orderer)? Or am I missing something in the configuration?
Thank you for your help