Re: Hyperledger Fabric 1.4.4 : unable to configure HSM with fabric ca #hsm #fabric-ca #fabric


Brett T Logan <brett.t.logan@...>
 

Have you updated the fabric-ca config file to also include the config block for PKCS11? In order for you to be able to override a config property with an environment variable, the keys have to at least exist in the config file. The default config file for the CA does not include the PKCS11 block.
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: "Kumari Shweta" <kumari.shweta@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric 1.4.4 : unable to configure HSM with fabric ca #hsm #fabric-ca #fabric
Date: Mon, Sep 28, 2020 9:33 AM
 
Hi Team,

We are trying to configure a pkcs11 HSM key with the fabric-ca client but are getting the following error.

"Error: Failed to get BCCSP with opts: Could not find BCCSP, no 'pkcs11' provider"

We have executed the following steps:

1. We have cloned the fabric-ca 1.4.7 git repo

2. From the /opts/fabric-ca directory, ran the commands below
    make clean
    make docker GO_TAGS=pkcs11

3. Used first network, made the following environment changes in the docker-compose-ca.yaml file and restarted the ca container

   ca0:
    image: hyperledger/fabric-ca:amd64-1.4.7
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      #- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/07777242bfa0a52d88d8ed5887d92c774e54886bcb8b41ce1a17ff42095c8363_sk
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_BCCSP_LIBRARY=/etc/hyperledger/libsofthsm2.so
      - FABRIC_CA_SERVER_BCCSP_PIN=12345
      - FABRIC_CA_SERVER_BCCSP_LABEL=fabric
      - FABRIC_CA_SERVER_BCCSP_KEYSTORE=msp/keystore
      - FABRIC_CA_SERVER_BCCSP_DEFAULT=pkcs11
      - SOFT_HSM_2_CONF=/etc/hyperledger/config.file
      - FABRIC_LOGGING_SPEC=DEBUG
 
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
      - /usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/libsofthsm2.so
      - /home/ubuntu/config.file:/etc/hyperledger/config.file
    container_name: ca_peerOrg1
    networks:
      byfn:
        aliases:
          - ca.org1.example.com
 
Kindly suggest.
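
The config block the reply refers to, as an added example that is not part of the original thread: a `bccsp` section for fabric-ca-server-config.yaml laid out as in the Fabric CA documentation's HSM section, filled in with the library path, PIN, label and keystore values from the compose file above. The file location is an assumption based on the FABRIC_CA_HOME value in that compose file.

```yaml
# Assumed location: $FABRIC_CA_HOME/fabric-ca-server-config.yaml
# (FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server in the compose file above)
bccsp:
  # Select the PKCS11 provider instead of the software (SW) provider.
  # Env override: FABRIC_CA_SERVER_BCCSP_DEFAULT
  default: PKCS11
  pkcs11:
    # Path to the PKCS#11 module inside the container.
    # Env override: FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY
    Library: /etc/hyperledger/libsofthsm2.so
    # Token user PIN (value taken from the compose file above).
    # Env override: FABRIC_CA_SERVER_BCCSP_PKCS11_PIN
    Pin: "12345"
    # Token label; must match the label the token was initialised with.
    # Env override: FABRIC_CA_SERVER_BCCSP_PKCS11_LABEL
    Label: fabric
    hash: SHA2
    security: 256
    filekeystore:
      # Directory for the software file-based keystore.
      keystore: msp/keystore

# Notes on the environment side:
# - The override variables carry the PKCS11 segment because they mirror the
#   nesting of the keys above (bccsp -> pkcs11 -> library / pin / label).
# - SoftHSM reads the path to its own configuration file from the
#   SOFTHSM2_CONF environment variable.
```

With the block present in the config file, the PIN can be left as a dummy value there and supplied at start-up through FABRIC_CA_SERVER_BCCSP_PKCS11_PIN, which keeps it out of the file that is mounted into the container.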
 
