Re: Update expired orderer org admin certificate and orderer certs

Home Messages Hashtags Subgroups

Mattia Bolzonella #9974 Hi, I'm working on the solution proposed, now I'm using a cli peer to do my channel update operations, before doing that I set the following variables in the peer cli: CORE_PEER_LOCALMSPID=MyOrderersMSP CORE_PEER_TLS_CERT_FILE=Expired TSL Orderer cert CORE_PEER_TLS_KEY_FILE=Expired TSL Orderer key CORE_PEER_TLS_ROOTCERT_FILE=Not expired TLS CA root cert for MyOrdererMSP CORE_PEER_MSPCONFIGPATH=Expired msp MyOrdererMSP (all expired certs of orderers and admin org) Now when i run the following command: peer channel fetch config crypto/sys-channel-with-tls-expired-tesst.pb -o orderer0.obscureddomain.com:7050 -c sys-channel --tls --cafile $ORDERER_TLS_CA_CERT --tlsHandshakeTimeShift 1240h (the certs expired 100h ago) I get the error: ERRO 001 Cannot run peer because error when setting up MSP of type bccsp from directory path/to/orderMSP_admin/msp: signing identity expired 107h4m58.724186994s ago So, if I cannot do a fetch of the channel config (I managed to do it with a new admin cert), ho can i do the channel update? Because i think I need the expired orderer admin MSP in order to sign the channel update configuration, or am I missing something?
More All Messages By This Member

Join {fabric@lists.hyperledger.org to automatically receive all group messages.

Home Hashtags Subgroups Terms