3

This seems like a common issue in HLF channel creation command

Here is my command to create the channel 

peer channel create -o orderer1.workspace:7050 -c base-main-channel -f ./config/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/orderers/orderer1.base.order/msp/tlscacerts/tlsca.base.order-cert.pem

The error I am getting from the order node is 

ERRO 02d TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.23.0.7:36982

I've tried the solution from this question TLS handshake failed with error remote error: tls: bad certificate server=Orderer

But it doesn't work for me

The only difference I am using raft ordering service instead of kafka

Here is my raft config

Raft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                - Host: orderer.base
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
            Addresses:
                - orderer.base:7050
shamon shamsudeen
  • 5,466
  • 17
  • 64
  • 129

2 Answers2

0

You are using the uncorrect folder path for --cafile in your peer channel create command.

Instead of

--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/orderers/orderer1.base.order/msp/tlscacerts/tlsca.base.order-cert.pem

Use 

--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/tlsca/tlsca.base.order-cert.pem
Riki95
  • 706
  • 1
  • 7
  • 16
  • you are only using one orderer? Cause the minimum amount of orderers for Raft is 3. – Riki95 Jan 22 '20 at 09:15
  • Yes only one orderer – shamon shamsudeen Jan 22 '20 at 09:17
  • Then you are not doing it right. Please read the documentation. The minimum amount of orderers for Raft is 3. If you want to run 1 orderer only, your configuration should be *solo* – Riki95 Jan 22 '20 at 09:18
  • np. Please remember to set this as answer so we can close the issue. – Riki95 Jan 22 '20 at 09:35
  • Now I got another error `Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial tcp 172.25.0.7:9050: connect: connection refused" channel=basechannel node=2` – shamon shamsudeen Jan 22 '20 at 10:16
  • This is because you have set uncorrectly the way to connect each other with orderers. I would be happy to help but not in this question. Please, mark my answer as **answer** so that we close this issue. Open a new one if you have connection problems between your Raft orderers and I will answer there. Best regards – Riki95 Jan 22 '20 at 10:54
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/206443/discussion-between-iam-batman-and-ricntt). – shamon shamsudeen Jan 22 '20 at 11:59
  • @RicNitt here is it https://stackoverflow.com/questions/59860326/hyperledger-fabrictransport-authentication-handshake-failed-x509-certificate – shamon shamsudeen Jan 22 '20 at 12:59
0

Another solution is to remove the container's volumes

docker volume rm $(docker volume ls)

and restart the network

Badr Bellaj
  • 11,560
  • 2
  • 43
  • 44