Unable to TLS using peer's TLS ca.crt


Abhijeet Bhowmik <abhijeet@...>
 

Hi All,

I am trying to start a network wherein the orderer has TLS enabled. I copied the peer's tls/ca.crt file to the orderer volume. Then I try to create a channel on the peer with --cafile tls/ca.crt but get this response:

Error: failed to create deliver client: orderer client failed to connect to orderer.flightcommand.com:7050: failed to create new connection: context deadline exceeded

On inspecting the orderer logs, I see this:

2020-04-19 07:50:55.580 UTC [core.comm] ServerHandshake -> ERRO 011 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.18.0.3:40514

Following are my orderer and peer env vars:
ORDERER:

      # enabled tls
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/tls/orderer/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/tls/orderer/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/tls/orderer/ca.crt,/etc/hyperledger/tls/peer/ca.crt]

PEER:

      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/tls/peer/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/tls/peer/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/tls/peer/ca.crt
      - ORDERER_TLS_CA=/etc/hyperledger/tls/peer/ca.crt

** Please note that I use $ORDERER_TLS_CA for the --cafile value.

I am hell confused about the files residing in the folder. The terminology mentioned in the docs escapes me. Could someone point me in the right direction? I will be grateful.

Thanks and Regards
Abhijeet Bhowmik
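
Added example, not part of the original message and not Fabric's own code: a Go sketch of the chain check a TLS client runs on the server's certificate using only the CA file it was given (the role of --cafile above). The two CAs, the server certificate and the hostname orderer.example are constructed for illustration; the function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a self-signed CA when parent is nil, else a server cert for DNS name cn.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:   pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tmpl, key // a root CA signs itself
	} else {
		tmpl.DNSNames = []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was produced just above
	return cert, key
}

// verifyWith does what a TLS client does when caFile is its only trusted root.
func verifyWith(caFile, server *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(caFile)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// demo checks one constructed orderer server certificate against both constructed CAs.
func demo() (withOrdererCA, withPeerCA error) {
	ordCA, ordKey := issue("constructed orderer TLS CA", nil, nil)
	peerCA, _ := issue("constructed peer TLS CA", nil, nil)
	server, _ := issue("orderer.example", ordCA, ordKey)
	return verifyWith(ordCA, server, "orderer.example"), verifyWith(peerCA, server, "orderer.example")
}

func main() { fmt.Println(demo()) }
```

Go's TLS client answers a failed verification like the second one with a bad certificate alert, which the server side logs as a remote error.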
