I have deployed an AWS managed Hyperledger Fabric v1.4.7 blockchain. The HLF blockchain network and the EC2 instance (hlf-client) are in the same VPC and everything seems to be working fine since I am able to invoke transactions using the cli container.

I have my client-app which is using the fabric-sdk-go gateway API to connect to the fabric network using the connection-profile.yaml to invoke/query the blockchain. This client-app is running in a docker container on the same EC2 instance as the cli container which has all the necessary security configuration. The client-app is unable to connect to the fabric network due to a bad certificate error.

The error log on the client app is:

[fabsdk/util] 2021/11/02 09:55:17 UTC - lazyref.(*Reference).refreshValue -> WARN Error - initializer returned error: QueryBlockConfig failed: QueryBlockConfig failed: queryChaincode failed: Transaction processing for endorser [nd-cjfwwnimujabllevl6yitqqmxi.m-l3ascxxbincwrbtirbgpp4bp7u.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.ap-southeast-1.amazonaws.com:30003]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [nd-cjfwwnimujabllevl6yitqqmxi.m-l3ascxxbincwrbtirbgpp4bp7u.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.ap-southeast-1.amazonaws.com:30003]: connection is in TRANSIENT_FAILURE. Will retry again later

The corresponding peer log is:

2021-11-02 10:07:17.789 UTC [grpc] handleRawConn -> DEBU 39501a grpc: Server.Serve failed to complete security handshake from "10.0.2.131:39100": remote error: tls: bad certificate

2021-11-02 10:10:17.809 UTC [core.comm] ServerHandshake -> ERRO 395322 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.0.2.131:12696

While invoking transactions using the cli the same certificate files are used. Could anyone tell me what's wrong with my setup here or am I missing any other configuration?

I have generated the ccp (connection-profile.yaml) as below:

---
name: n-RH3K6KAHFND6BGTXXGRU7C3B5Q
version: 1.0.0
client:
  organization: Org1
  connection:
    timeout:
      peer:
        endorser: "300"
channels:
  mychannel:
    peers:
      nd-CJFWWNIMUJABLLEVL6YITQQMXI:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
organizations:
  Org1:
    mspid: m-L3ASCXXBINCWRBTIRBGPP4BP7U
    peers:
      - nd-CJFWWNIMUJABLLEVL6YITQQMXI
    certificateAuthorities:
      - m-L3ASCXXBINCWRBTIRBGPP4BP7U
peers:
  nd-CJFWWNIMUJABLLEVL6YITQQMXI:
    url: grpcs://nd-cjfwwnimujabllevl6yitqqmxi.m-l3ascxxbincwrbtirbgpp4bp7u.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.managedblockchain.us-east-1.amazonaws.com:30003
    eventUrl: grpcs://nd-cjfwwnimujabllevl6yitqqmxi.m-l3ascxxbincwrbtirbgpp4bp7u.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.managedblockchain.us-east-1.amazonaws.com:30004
    grpcOptions:
      ssl-target-name-override: nd-CJFWWNIMUJABLLEVL6YITQQMXI
    tlsCACerts:
      path: /home/ec2-user/managedblockchain-tls-chain.pem
certificateAuthorities:
  m-L3ASCXXBINCWRBTIRBGPP4BP7U:
    url: https://ca.m-l3ascxxbincwrbtirbgpp4bp7u.n-rh3k6kahfnd6bgtxxgru7c3b5q.managedblockchain.managedblockchain.us-east-1.amazonaws.com:30002
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/ec2-user/managedblockchain-tls-chain.pem
    caName: m-L3ASCXXBINCWRBTIRBGPP4BP7U
Niraj Kumar

1 Answer

The following solution applies to:

  • HLF v1.4.7 AWS Managed Blockchain
  • Fabric client [fabric-sdk-go v1.0.0] Gateway programming model

To resolve the issue, just remove the grpcOptions stanza.

Niraj Kumar
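
Why removing the grpcOptions stanza helps, as an added Go example (not code from the post or from fabric-sdk-go): ssl-target-name-override replaces the host name the client checks the peer's TLS certificate against, and when the certificate does not list that name the client aborts with a bad_certificate alert, which the server side logs as "remote error: tls: bad certificate". The host name, node ID and self-signed certificate below are constructed, and that the real peer certificate lacks the bare node ID is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

const peerHost, shortID = "nd-example.n-example.managedblockchain.example", "nd-EXAMPLE" // constructed

// handshake serves a certificate valid only for peerHost on loopback, has the
// client verify it as verifyAs, and returns the error each side reports.
func handshake(verifyAs string) (clientErr, serverErr error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // crypto errors ignored: fixed inputs
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{peerHost},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the client trusts the constructed certificate
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err, err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() { // the "peer": one connection, server side of the handshake
		if conn, err := ln.Accept(); err == nil {
			done <- tls.Server(conn, srvCfg).Handshake()
			conn.Close()
		}
	}()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err, err
	}
	defer conn.Close() // runs after <-done, so the peer gets to read the alert
	clientErr = tls.Client(conn, &tls.Config{RootCAs: roots, ServerName: verifyAs}).Handshake()
	return clientErr, <-done
}

func main() {
	fmt.Println(handshake(shortID))  // override in place: both sides fail
	fmt.Println(handshake(peerHost)) // override removed: <nil> <nil>
}
```

The first call reproduces both halves of the symptom: a host name mismatch on the client and the bad certificate alert on the server.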