Re: #fabric #tls TLS handshake error on "exotic" ports whereas network works perfectly fine


Jean-Gaël Dominé <jgdomine@...>
 

Thank you Gari for your feedback.
I had never heard of this notion of ephemeral ports before. So they are just ports used for the duration of a given gRPC communication?

What I currently have is this:
1) System channel genesis block contains:
  • Orderer organizations MSP chain of trust (root CA and all the intermediates)
  • Orderers admin certificates
  • Orderer organizations TLS chain of trust (root CA and all the intermediates)
  • Orderers TLS certificates for Raft
2) "Application" channel genesis block contains the same information

Each peer mounts its own TLS certificate and key, and I define these variables:

CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/crypto/peerOrganizations/org1-example-com/peers/peer0-org1-miles-com/tls/tlscacerts/cert.pem (root CA only, not the intermediates)
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CLIENTAUTHREQUIRED=false
CORE_PEER_GOSSIP_SKIPHANDSHAKE=true

What am I missing?

Thank you
