Error while invoking functions of the chaincode using Node SDK (Fabric network on Kubernetes) #fabric #kubernetes #fabric-sdk-node


Mark Lewis
 

Those certificate verification failures during the TLS handshake look like a problem to me. I guess the node certificates are not valid for localhost. Maybe you could add entries to your client's local hosts file so it resolves the node addresses (peer0.org1, ca.org1) to the localhost/loopback address and set the discovery / as localhost option in your client to false, so the client thinks it is connecting to the address specified in the server certificates.


Pratik Sanjay Patil <pratikspatil024@...>
 

Hello, we are running a Hyperledger Fabric network on Kubernetes (using minikube, kubectl to run locally) and then trying to connect the Node SDK with the network.

Currently, we have a fabric network (version 2.2.0) on Kubernetes in 3 different namespaces org1, org2, and org3. We have a channel created and chaincode installed, approved, and committed. In org 1, we have admin, CA, peer, and an ordering node. And in org2 and org3 each, we have an ordering node.

Now, we want to create a Node SDK that can interact with the network to enroll admin, register users, and create transactions by calling functions of the chaincode. We can currently interact with the chaincode by executing the `peer chaincode invoke ......` command in the admin pod.

We are currently forwarding the port of the CA (from ca.org1:7054 to localhost:7054), and Peer (from peer0.org1:7051 to localhost:7051). We can create the identities, but could not interact with the chaincode (using the Node SDK).

Error while invoking the chaincode function:
E0823 11:03:02.958440051 1061610 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
E0823 11:03:03.934503504 1061610 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
E0823 11:03:05.435949717 1061610 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
2021-08-23T05:33:05.899Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0.org1, url:grpcs://localhost:7051
2021-08-23T05:33:05.901Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0.org1 url:grpcs://localhost:7051 timeout:3000
2021-08-23T05:33:05.902Z - error: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0.org1 due to Error: Failed to connect before the deadline on Endorser- name: peer0.org1, url:grpcs://localhost:7051
2021-08-23T05:33:05.942Z - error: [Transaction]: Error: No valid responses from any peers. Errors


Peer Logs:

2021-08-23 05:28:55.828 UTC [comm.grpc.server] 1 -> INFO 059 streaming call completed grpc.service=protos.Deliver grpc.method=DeliverFiltered grpc.request_deadline=2021-08-23T05:29:21.725Z grpc.peer_address=172.17.0.1:53918 error="context finished before block retrieved: context canceled" grpc.code=Unknown grpc.call_duration=4.101995252s
2021-08-23 05:33:02.958 UTC [core.comm] ServerHandshake -> ERRO 05a Server TLS handshake failed in 1.008546ms with error EOF server=PeerServer remoteaddress=127.0.0.1:54680
2021-08-23 05:33:03.935 UTC [core.comm] ServerHandshake -> ERRO 05b Server TLS handshake failed in 2.485895ms with error EOF server=PeerServer remoteaddress=127.0.0.1:54688
2021-08-23 05:33:05.436 UTC [core.comm] ServerHandshake -> ERRO 05c Server TLS handshake failed in 2.58832ms with error EOF server=PeerServer remoteaddress=127.0.0.1:54698


You can view the connection.json file here: https://pastebin.ubuntu.com/p/PbQfJdrkQ8/

Also, the output of `openssl x509 -noout -text -in ./crypto-config/peerOrganizations/org1/tlsca/tlsca.org1-cert.pem` (with SAN: localhost) is this:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9c:80:64:40:68:62:6f:d3:39:2b:87:e7:83:b2:a2:56
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, ST = California, L = San Francisco, O = org1, CN = tlsca.org1
        Validity
            Not Before: Aug 23 13:05:00 2021 GMT
            Not After : Aug 21 13:05:00 2031 GMT
        Subject: C = US, ST = California, L = San Francisco, O = org1, CN = tlsca.org1
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:81:08:9d:68:6e:2f:86:b1:28:40:5b:a6:63:cb:
                    31:fd:81:15:2a:ee:33:45:f6:7a:65:13:b1:65:c9:
                    df:2c:0f:c5:b0:4c:ed:c5:d6:2b:7f:ec:9e:6f:cc:
                    6c:cf:a0:24:e7:a5:7e:29:bb:8a:30:d8:83:34:88:
                    ea:27:49:9a:49
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                78:F8:35:37:B4:9A:95:90:90:BB:D8:ED:46:DF:B2:6E:C6:A5:8C:5B:81:58:98:59:54:95:69:7E:65:D8:CC:B2
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:22:0c:0b:99:f7:78:90:6c:22:8c:b1:0c:b4:c7:
         ec:6c:b3:83:95:14:73:b0:c6:b4:b1:dc:1c:71:43:9f:a5:f6:
         02:20:51:b0:50:1d:33:8b:38:e5:18:0e:85:2f:ed:27:b9:9c:
         3e:84:62:5e:42:8f:52:a2:e5:f1:a5:34:97:95:dd:56


Any help will be appreciated. Thank you.