I am using the fabric-network module to connect to the the certificate authority to enroll the admin and the user. But I wanted to have custom affiliation so i made changes in the fabric-ca-server-config.yaml and fed it to the ca container by using volumes. But after doing that i am getting this error:
Error: fabric-ca request enroll failed with errors [[ { code: 20, message: ‘Authentication failure’ } ]]
when trying to enroll admin or any user(you can’t without an admin).
The same thing is working if i dont feed the edited fabric-ca-server-config.yaml to the container, it creates the default affiliations which does not give any authentication errors.
This is my connection-profile.json
{
"name": "EvidenceVault-Police",
"version": "1.0.0",
"client": {
"organization": "Police",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Police": {
"mspid": "PoliceMSP",
"peers": [
"PD100.police.evidence-vault.com",
"PD101.police.evidence-vault.com"
],
"certificateAuthorities": [
"ca.police.evidence-vault.com"
]
}
},
"peers": {
"PD100.police.evidence-vault.com": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----nMIICfjCCAiOgAwIBAgIQfVyMon1h0D5AgKC2m1nznzAKBggqhkjOPQQDAjCBiDELnMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGncmFuY2lzY28xIjAgBgNVBAoTGXBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmnBgNVBAMTH3Rsc2NhLnBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20wHhcNMjQwMzE2nMTE0NDAwWhcNMzQwMzE0MTE0NDAwWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTnCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xIjAgBgNVBAoTGXBvnbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmBgNVBAMTH3Rsc2NhLnBvbGljZS5lndmlkZW5jZS12YXVsdC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrGO0mn4GlqeDOa4+9EPMofRY7KeLfSKNwOqHCCq7xKAIDqRJvBn1DcyqKbG7D+xDuniq4PnlUpH+8h9vG5SpHuWo20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBnBQUHAwIGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN7WRFyan7s+/dlvKutXPctagxfG6tbyvD3zmvIefhQF3MAoGCCqGSM49BAMCA0kAMEYCIQCDnMb0SqBSdN/aN2NvDeNS069q5QzRo/IhTx7ouLuN6GgIhAPKQdue67mKJwJBv7gwRnpS8RMrpWIFut8Ph8ghYlVKDQn-----END CERTIFICATE-----n"
},
"grpcOptions": {
"ssl-target-name-override": "PD100.police.evidence-vault.com",
"hostnameOverride": "PD100.police.evidence-vault.com"
}
},
"PD101.police.evidence-vault.com": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----nMIICfjCCAiOgAwIBAgIQfVyMon1h0D5AgKC2m1nznzAKBggqhkjOPQQDAjCBiDELnMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGncmFuY2lzY28xIjAgBgNVBAoTGXBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmnBgNVBAMTH3Rsc2NhLnBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20wHhcNMjQwMzE2nMTE0NDAwWhcNMzQwMzE0MTE0NDAwWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTnCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xIjAgBgNVBAoTGXBvnbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmBgNVBAMTH3Rsc2NhLnBvbGljZS5lndmlkZW5jZS12YXVsdC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrGO0mn4GlqeDOa4+9EPMofRY7KeLfSKNwOqHCCq7xKAIDqRJvBn1DcyqKbG7D+xDuniq4PnlUpH+8h9vG5SpHuWo20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBnBQUHAwIGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN7WRFyan7s+/dlvKutXPctagxfG6tbyvD3zmvIefhQF3MAoGCCqGSM49BAMCA0kAMEYCIQCDnMb0SqBSdN/aN2NvDeNS069q5QzRo/IhTx7ouLuN6GgIhAPKQdue67mKJwJBv7gwRnpS8RMrpWIFut8Ph8ghYlVKDQn-----END CERTIFICATE-----n"
},
"grpcOptions": {
"ssl-target-name-override": "PD101.police.evidence-vault.com",
"hostnameOverride": "PD101.police.evidence-vault.com"
}
}
},
"certificateAuthorities": {
"ca.police.evidence-vault.com": {
"url": "https://localhost:7054",
"caName": "ca.police.evidence-vault.com",
"tlsCACerts": {
"pem": ["-----BEGIN CERTIFICATE-----nMIICfjCCAiOgAwIBAgIQfVyMon1h0D5AgKC2m1nznzAKBggqhkjOPQQDAjCBiDELnMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGncmFuY2lzY28xIjAgBgNVBAoTGXBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmnBgNVBAMTH3Rsc2NhLnBvbGljZS5ldmlkZW5jZS12YXVsdC5jb20wHhcNMjQwMzE2nMTE0NDAwWhcNMzQwMzE0MTE0NDAwWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTnCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xIjAgBgNVBAoTGXBvnbGljZS5ldmlkZW5jZS12YXVsdC5jb20xKDAmBgNVBAMTH3Rsc2NhLnBvbGljZS5lndmlkZW5jZS12YXVsdC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrGO0mn4GlqeDOa4+9EPMofRY7KeLfSKNwOqHCCq7xKAIDqRJvBn1DcyqKbG7D+xDuniq4PnlUpH+8h9vG5SpHuWo20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBnBQUHAwIGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN7WRFyan7s+/dlvKutXPctagxfG6tbyvD3zmvIefhQF3MAoGCCqGSM49BAMCA0kAMEYCIQCDnMb0SqBSdN/aN2NvDeNS069q5QzRo/IhTx7ouLuN6GgIhAPKQdue67mKJwJBv7gwRnpS8RMrpWIFut8Ph8ghYlVKDQn-----END CERTIFICATE-----n"]
},
"httpOptions": {
"verify": false
}
}
}
}
the tlsCACerts are copied from crypto-config/peerOrganizations/police.evidence-vault.com/tlsca/tlsca.police.evidence-vault.com-cert.pem
the tls ca pem files are the same for all the peers in that organizations are the same, so i pasted the the pem everywhere in the connection profile
After encountering this error:
I took a look at the volumes of the CA and found there were two files ca.crt and tls-cert.pem files in the volume.
Tried both of them either placing them here:
"certificateAuthorities": {
"ca.police.evidence-vault.com": {
"url": "https://localhost:7054",
"caName": "ca.police.evidence-vault.com",
"tlsCACerts": {
"pem": ....
},
"httpOptions": {
"verify": false
}
}
}
in the connection profile.
or
at every place in the connection profile which needed a pem.
but still got the same error:
Error: fabric-ca request enroll failed with errors [[ { code: 20, message: ‘Authentication failure’ } ]]
Kshitij Sonawane is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.