When I try to connect to a fabric I get the error:

Hostname/IP doesn't match certificate's altnames: "$IPNAMEHERE is not in the cert's list:"

And I can't seem to figure it out. I tried changing the name of the CA on init like so:

```
fabric-ca-init -b BOOTSTRAP USERPASS --csr.cn IPNAME
```

and yet that error persists. Is there a way to add a hostname/IP to the certificate?

dustinos3
  • Which type of node (fabric-ca, peer, orderer) are you trying to connect to? – Gari Singh Dec 15 '18 at 12:15
  • I am attempting to connect to a peer node – Mahmoud Khraisha Dec 15 '18 at 13:59
  • Are you using one of the sample networks? Are you using cryptogen to create the key material? – Gari Singh Dec 16 '18 at 10:39
  • No, I am generating the certificates with the fabric-ca. You can replicate this issue by using the fabric-ca network and changing the common name to a different hostname than localhost. The fabric-ca user guide says that you need to do that to TLS in from a different location – Mahmoud Khraisha Dec 16 '18 at 15:15
  • Are you running `fabric-ca-client enroll ...`? If so, then you should be able to pass in `--csr.hosts IPNAME` – Gari Singh Dec 17 '18 at 10:09
  • I passed that in and I ended up with a response of "Bad certificate". I tried changing the `--csr.hosts` to the ipnames and that did not solve the issue either – Mahmoud Khraisha Dec 17 '18 at 22:02
  • I assume that was a different error? How are you connecting? peer cli? You'll also need to set the trusted root(s) as well – Gari Singh Dec 18 '18 at 09:19
  • My original error was the Hostname/IP doesn't match after attempting to sign in from the Node SDK. This would occur if I try to connect and set the verify option in the TLS options to true. If I set it to false then I get an error from the CA saying bad certificate – Mahmoud Khraisha Dec 18 '18 at 15:23

1 Answer

My original issue was the

Hostname/IP doesn't match certificate's altnames: "$IPNUMBERHERE is not in the cert's list:"

To resolve it I added the $IPNUMBER to the certificate authority's csr.hosts. That was still triggering the issue because when I was connecting via the Node SDK I did not turn off verify, and so I believe it was attempting to match the certificate against the IPNUMBER, not the certificate authority that lived in that VM. I also enrolled the administrative users with the csr.hosts IPNUMBER.