Hyperledger fabric:transport: authentication handshake failed: x509: certificate on channel create

Question

I am trying to create a channel in HLF using the following command

peer channel create -o orderer1.base:7050 -c basechannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/tlsca/tlsca.base.order-cert.pem

But it's failing due to this error

Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for orderer2.base.order, orderer2, not orderer2.base" channel=basechannel node=1

Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for orderer3.base.order, orderer3, not orderer3.base" channel=basechannel node=1

Here is the raft config in configtx.yaml

Raft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                - Host: orderer1.base
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
                - Host: orderer2.base
                  Port: 8050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
                - Host: orderer3.base
                  Port: 9050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
            Addresses:
                - orderer1.base:7050
                - orderer2.base:8050
                - orderer3.base:9050

Container configuration in docker-compose.yaml

orderer1.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer1.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=7050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls:/var/hyperledger/orderer/tls
        - orderer1.base.order:/var/hyperledger/production/orderer
    ports:
    - 7050:7050
  orderer2.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer2.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=8050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls:/var/hyperledger/orderer/tls
        - orderer2.base.order:/var/hyperledger/production/orderer
    ports:
    - 8050:8050  

  orderer3.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer3.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=9050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls:/var/hyperledger/orderer/tls
        - orderer3.base.order:/var/hyperledger/production/orderer
    ports:
    - 9050:9050

base.yaml

orderer-base:
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - FABRIC_LOGGING_SPEC=DEBUG
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - CORE_LOGGING_LEVEL=debug
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer

Also, did you generate certificates for orderers 2-3? – Riki95 Jan 22 '20 at 13:44 — Riki95, Jan 22 '20 at 13:44
yes added base.yaml – shamon shamsudeen Jan 22 '20 at 14:17 — shamon shamsudeen, Jan 22 '20 at 14:17
Please check my answer, thanks – Riki95 Jan 22 '20 at 14:23 — Riki95, Jan 22 '20 at 14:23

Riki95 · Accepted Answer · 2020-01-22T14:21:31.157

0

You are mapping ports uncorrectly. It must be:

orderer1 7050:7050

orderer2 8050:7050

orderer3 9050:7050

And remove the environment LISTEN_PORT from every orderer so that the default is always 7050. This means that, in case of orderer 2, you are mapping container inner port 7050 to the external 8050.

Also modify in your configtx.yaml the same thing, so you will have 3 ports 7050. Just avoid modifying internal ports for containers, you are free to modify external ones.

edited Jan 22 '20 at 14:21

answered Jan 22 '20 at 13:42

Riki95

706
1
7
16

Getting this error `consenter info in etcdraft configuration did not specify host panic: consenter info in etcdraft configuration did not specify host [recovered] panic: consenter info in etcdraft configuration did not specify host` while running your config – shamon shamsudeen Jan 22 '20 at 14:39
The above exaclty happening on `configtxgen -profile Raft -channelID $CHANNEL_NAME -outputBlock ./artifacts/genesis.block` – shamon shamsudeen Jan 22 '20 at 14:53
Have any thoughts on this . https://stackoverflow.com/questions/59876137/hyperledger-fabric-peer-update-failed-signature-set-did-not-satisfy-policy – shamon shamsudeen Jan 23 '20 at 10:17
@SaifAli Yes its fixed – shamon shamsudeen Jul 23 '20 at 04:51
can you help me with the steps you took to fix it ? – Saif Ali Jul 23 '20 at 05:01
@SaifAli These are my configuration files https://github.com/shamonshan/fabric-basic – shamon shamsudeen Jul 23 '20 at 05:03

Hyperledger fabric:transport: authentication handshake failed: x509: certificate on channel create

1 Answers1

Linked