Re: Update expired orderer org admin certificate and orderer certs #fabric-questions #fabric-orderer #signcerts #fabric

Mattia Bolzonella

Hi, I'm working on the solution proposed, now I'm using a cli peer to do my channel update operations, before doing that I set the following variables in the peer cli:


CORE_PEER_TLS_CERT_FILE=Expired TSL Orderer cert

CORE_PEER_TLS_KEY_FILE=Expired TSL Orderer key

CORE_PEER_TLS_ROOTCERT_FILE=Not expired TLS CA root cert for MyOrdererMSP

CORE_PEER_MSPCONFIGPATH=Expired msp MyOrdererMSP (all expired certs of orderers and admin org)


Now when i run the following command: 

peer channel fetch config crypto/sys-channel-with-tls-expired-tesst.pb -o  -c sys-channel --tls --cafile  $ORDERER_TLS_CA_CERT --tlsHandshakeTimeShift 1240h

(the certs expired 100h ago)

I get the error:

ERRO 001 Cannot run peer because error when setting up MSP of type bccsp from directory path/to/orderMSP_admin/msp: signing identity expired 107h4m58.724186994s ago


So, if I cannot do a fetch of the channel config (I managed to do it with a new admin cert), ho can i do the channel update? Because i think I need the expired orderer admin MSP in order to sign the channel update configuration, or am I missing something?



Join { to automatically receive all group messages.