1

The intermediate CA server Docker container exited somehow, so I tried to restart the corresponding Docker container, but I'm not able to restart the service. These are the logs of the Docker container:

Error: Validation of certificate and key failed: Invalid certificate and/or key in files '/tlsca/ca-cert.pem' and '/etc/hyperledger/fabric-ca-server-config/ica.consigner.biltilink.com.key.pem': Public key and private key do not match

Can someone please help me with how to restart the service properly? I'm confused about how the certificates got changed when I'm just restarting the service. Please help me with this so that I can restart my service.

Trinayan
  • I am also facing the same error, please help ASAP. – Adarsha Jha Jul 15 '20 at 02:45
  • Is this an issue you face only when 'tls.enabled' is set to 'true'? If you haven't tried with its value 'false', then I'd suggest you give it a go. That way, we'll be able to narrow down the problem. – Kartik Chauhan Jul 15 '20 at 03:48
  • 1
    As the error states, it's a validation issue. To dig deeper, kindly send us the complete details: the Docker manifests of the RCA and ICA and its keys. Also remember that the need for an ICA is very, very rare; in most cases the RCA is enough in Hyperledger Fabric consortiums, and this is not HTTPS, where we consider some billions of users interacting with the CA – Narendranath Reddy Jul 15 '20 at 04:16
  • @KartikChauhan Our CA server was running fine until our container exited. It was set to true. – Adarsha Jha Jul 15 '20 at 05:58
  • What process did you perform before the container exited? It seems to me somehow, someone altered the certificate(s) info. – Kartik Chauhan Jul 15 '20 at 06:24
  • 1
    No, the certificates are not modified; I have rechecked that. The container exited by itself because of the request load on the server, it seems. Here are the logs of the CA server before it exited: [ERROR] Server has stopped serving: accept tcp [::]:7054: accept4: too many open files in system [DEBUG] Stop: failed to close listener on port 7054: close tcp [::]:7054: use of closed network connection [DEBUG] Closing server DBs [DEBUG] Closing server DBs Error: accept tcp [::]:7054: accept4: too many open files in system – Trinayan Jul 15 '20 at 09:30

1 Answer

0

If you restart the CA server and want all previous certificates to continue to work with the CA, you MUST use the same cert/key pair as before in the fabric-ca-server.config file, because it will create a new set of keys and certificates if the previous certificate and key are not pointed to in the server configuration file. So the docker-compose file should have a volume section for the persistent keys, cert and fabric-ca-server.config file.