Peer failed getting private key from HSM


Carlos Eduardo Matos Ellery
 

Hi everyone,

I'm trying to use a certificate issued by an external CA through an HSM integration, but it's not working. The peer node (v1.4.7) doesn't start and gives the following output (complete log available at https://pastebin.com/J6npgd6G):

...
2020-06-24 22:32:42.176 UTC [bccsp_p11] getSession -> DEBU 038 Reusing existing pkcs11 session 1 on slot 1
2020-06-24 22:32:42.231 UTC [msp] getSigningIdentityFromConf -> DEBU 039 Could not find SKI [d69fe5487378e0914e8d65870128a8d4b55d05a502c45daddea30c7452a1fe2c], trying KeyMaterial field: Key with SKI d69fe5487378e0914e8d65870128a8d4b55d05a502c45daddea30c7452a1fe2c not found in msp/keystore
Failed getting key for SKI [[214 159 229 72 115 120 224 145 78 141 101 135 1 40 168 212 181 93 5 165 2 196 93 173 222 163 12 116 82 161 254 44]]
...
2020-06-24 22:32:42.231 UTC [main] InitCmd -> ERRO 03a Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: KeyMaterial not found in SigningIdentityInfo

I've found that my certificate (located at msp/signcerts) doesn't have the SKID extension (https://tools.ietf.org/html/rfc3280#section-4.2.1.2) and the CA tech support has the excuse that this is a non-critical extension for end certificates. Now, is there a way BCCSP can find the corresponding private key of my certificate on the HSM?


Thanks for the help,
--
Carlos Eduardo Matos Ellery
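
Added example, not part of the original message and not Fabric's own code: the SKI that BCCSP logs for an ECDSA identity is derived from the certificate's public key (SHA-256 over the uncompressed point) rather than read from the X.509 SKID extension, and the PKCS#11 provider looks for an HSM object whose CKA_ID equals that value. The sketch computes it for a certificate; `FabricSKI`, `ConstructedCert` and the sample certificate are hypothetical names and constructed input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// FabricSKI returns SHA-256 over the uncompressed EC point (0x04 || X || Y).
func FabricSKI(cert *x509.Certificate) ([]byte, error) {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate does not carry an ECDSA public key")
	}
	sum := sha256.Sum256(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
	return sum[:], nil
}

// ConstructedCert builds a throwaway end-entity cert without a SKID extension.
func ConstructedCert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "peer0.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := ConstructedCert()
	if err != nil {
		panic(err)
	}
	ski, _ := FabricSKI(cert) // the constructed cert is always ECDSA
	fmt.Printf("X.509 SKID bytes: %d, BCCSP SKI: %s\n", len(cert.SubjectKeyId), hex.EncodeToString(ski))
}
```

Running the same function over the certificate in msp/signcerts gives the hex value to compare with the CKA_ID of the private key object on the HSM slot.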
