Re: Hyperledger Fabric 1.4.4 : unable to configure HSM with fabric ca #hsm #fabric-ca #fabric


Gari Singh <garis@...>
 

With bccsp, you cannot use environment variable overrides unless you actually have the keys/fields defined in the configuration file (fabric-ca-server-config.yaml).
The default fabric-ca-server-config.yaml generated by fabric-ca on startup does not include these fields so you will need to provide a config file which contains them.

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: "Kumari Shweta"
Sent by: fabric@...
Date: 09/28/2020 09:35AM
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric 1.4.4 : unable to configure HSM with fabric ca #hsm #fabric-ca #fabric

Hi Team,

We are trying to configure a pkcs11 HSM key with the fabric-ca client but are getting the following error.

"Error: Failed to get BCCSP with opts: Could not find BCCSP, no 'pkcs11' provider"

We have executed the following steps:

1. We have cloned the fabric-ca 1.4.7 git repo

2. From the /opts/fabric-ca directory, ran the commands below:
make clean
make docker GO_TAGS=pkcs11

3. Used first network, made the following environment changes in the docker-compose-ca.yaml file, and restarted the ca container

ca0:
  image: hyperledger/fabric-ca:amd64-1.4.7
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
    - FABRIC_CA_SERVER_CA_NAME=ca-org1
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
    #- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
    - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/07777242bfa0a52d88d8ed5887d92c774e54886bcb8b41ce1a17ff42095c8363_sk
    - FABRIC_CA_SERVER_PORT=7054
    - FABRIC_CA_SERVER_BCCSP_LIBRARY=/etc/hyperledger/libsofthsm2.so
    - FABRIC_CA_SERVER_BCCSP_PIN=12345
    - FABRIC_CA_SERVER_BCCSP_LABEL=fabric
    - FABRIC_CA_SERVER_BCCSP_KEYSTORE=msp/keystore
    - FABRIC_CA_SERVER_BCCSP_DEFAULT=pkcs11
    - SOFT_HSM_2_CONF=/etc/hyperledger/config.file
    - FABRIC_LOGGING_SPEC=DEBUG
  ports:
    - "7054:7054"
  command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
  volumes:
    - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    - /usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/libsofthsm2.so
    - /home/ubuntu/config.file:/etc/hyperledger/config.file
  container_name: ca_peerOrg1
  networks:
    byfn:
      aliases:
        - ca.org1.example.com

Kindly suggest.
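
The reply at the top of this thread says the bccsp keys must exist in fabric-ca-server-config.yaml before environment overrides apply. As an added example (not part of the original messages and not the file fabric-ca generates), this is a `bccsp` section that defines the PKCS11 keys; the library path and label are taken from the compose file in the question, and the PIN value is a constructed placeholder.

```yaml
# fabric-ca-server-config.yaml, bccsp section only (added example).
# Each key defined here can then be overridden by the environment
# variable named in the trailing comment: the variable name is the
# FABRIC_CA_SERVER_ prefix plus the key path, with "." replaced by "_".
bccsp:
  default: PKCS11                   # FABRIC_CA_SERVER_BCCSP_DEFAULT
  pkcs11:
    # Path as seen inside the CA container (mounted in the compose file).
    Library: /etc/hyperledger/libsofthsm2.so  # FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY
    # Constructed placeholder. Supply the real token PIN through the
    # environment override rather than committing it to this file.
    Pin: "REPLACE_WITH_TOKEN_PIN"             # FABRIC_CA_SERVER_BCCSP_PKCS11_PIN
    # Must match the label the HSM token was initialised with.
    Label: fabric                             # FABRIC_CA_SERVER_BCCSP_PKCS11_LABEL
    hash: SHA2
    security: 256
    filekeystore:
      # Directory for the software file-based keystore.
      keystore: msp/keystore
```

The file has to be present in FABRIC_CA_HOME (mounted or baked into the image) so the server reads it instead of generating its default. SoftHSM itself locates its token configuration through the SOFTHSM2_CONF environment variable.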
