0

I'm following the AWS supply chain workshop. After creating the network, peer, connecting to the peer using SSH and doing the initial setup (docker, go, fabric-ca-client and copying the managedblockchain-tls-chain.pem certificate fom S3), I'm unable to run the command fabric-ca-client enroll.

When I run: fabric-ca-client enroll -u https://$MEMBER_ADMIN\:$PASSWORD@$CA_ENDPOINT --tls.certfiles ~/managedblockchain-tls-chain.pem -M admin-msp -H $HOME

I get the following output:

2022/07/27 13:39:20 [INFO] TLS Enabled
2022/07/27 13:39:20 [INFO] generating key: &{A:ecdsa S:256}
2022/07/27 13:39:20 [INFO] encoded CSR
Error: Response from server: Error Code: 20 - Authentication failure

After 10 unsuccessful attempts getting the previous output, I'm now getting this output:

2022/07/27 13:39:20 [INFO] TLS Enabled
2022/07/27 13:39:20 [INFO] generating key: &{A:ecdsa S:256}
2022/07/27 13:39:20 [INFO] encoded CSR
Error: Response from server: Error Code: 73 - Incorrect password entered 10 times, max incorrect password limit of 10 reached

Am I missing something? Is it possible that the generated certificate is somehow invalid? The password in the connection string is URL encoded, ie the $ symbol is encoded to %24; could this be the reason why I can't authenticate? Is there a way to connect to Fabric-CA Server to get its logs?

Ricardo Passos
  • 373
  • 1
  • 3
  • 10

1 Answers1

2

The latter error you are receiving is the Fabric CA server notifying you that you have previously attempted to enroll 10 times with an incorrect password. This is a configured limit in the Fabric CA server. The former error is indicative of an incorrect username / password combination.

While I do not know which region you have created your network in, the TLS certificate chain simply needs to be copied from the same region as your network is created in. For example, for a network in us-east-1, you'd copy from Amazon S3 here:

aws s3 cp s3://$AWS_DEFAULT_REGION.managedblockchain/etc/managedblockchain-tls-chain.pem ~/managedblockchain-tls-chain.pem

The TLS certificate chain does not appear to be the issue here.

Fabric CA error code 20 results from an incorrect username / enrollment ID and/or password in your enroll command. At this time, there is not a way to check or change those values that you set at network creation time.

EDIT: Are there any other non-alphanumeric characters in your password?

Forrest
  • 111
  • 3
  • It seems that the problem was related with my user/password credentials. I ended up creating a new network. This time with a password without any special symbols. The enroll command worked. I'm marking your answer as the solution since you mentioned that the problem could be related to my credentials. – Ricardo Passos Jul 27 '22 at 19:54