Re: Update expired orderer org admin certificate and orderer certs #fabric #fabric-questions #fabric-orderer #signcerts


Mattia Bolzonella
 

Hi, I'm working on the solution proposed, now I'm using a cli peer to do my channel update operations, before doing that I set the following variables in the peer cli:

CORE_PEER_LOCALMSPID=MyOrderersMSP

CORE_PEER_TLS_CERT_FILE=Expired TSL Orderer cert

CORE_PEER_TLS_KEY_FILE=Expired TSL Orderer key

CORE_PEER_TLS_ROOTCERT_FILE=Not expired TLS CA root cert for MyOrdererMSP

CORE_PEER_MSPCONFIGPATH=Expired msp MyOrdererMSP (all expired certs of orderers and admin org)

 

Now when i run the following command: 

peer channel fetch config crypto/sys-channel-with-tls-expired-tesst.pb -o orderer0.obscureddomain.com:7050  -c sys-channel --tls --cafile  $ORDERER_TLS_CA_CERT --tlsHandshakeTimeShift 1240h

(the certs expired 100h ago)

I get the error:

ERRO 001 Cannot run peer because error when setting up MSP of type bccsp from directory path/to/orderMSP_admin/msp: signing identity expired 107h4m58.724186994s ago

 


So, if I cannot do a fetch of the channel config (I managed to do it with a new admin cert), ho can i do the channel update? Because i think I need the expired orderer admin MSP in order to sign the channel update configuration, or am I missing something?

 

 

Join fabric@lists.hyperledger.org to automatically receive all group messages.