error: tls: failed to verify certificate: x509: certificate signed by unknown authority remoteaddress=127.0.0.1:11051 #1129

Open
Piyushmethi09 opened this issue Oct 30, 2023 · 3 comments

@Piyushmethi09

2023-10-30 17:39:38.279 IST 0003 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 1.221344ms with error: tls: failed to verify certificate: x509: certificate signed by unknown authority remoteaddress=127.0.0.1:11051
Error: failed to retrieve endorser client for install: endorser client failed to connect to localhost:11051: failed to create new connection: context deadline exceeded
Usage:
peer lifecycle chaincode install [flags]

Flags:
--connectionProfile string The fully qualified path to the connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-h, --help help for install
--peerAddresses stringArray The addresses of the peers to connect to
--targetPeer string When using a connection profile, the name of the peer to target for this action
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag

Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer
--tls Use TLS when communicating with the orderer endpoint
--tlsHandshakeTimeShift duration The amount of time to shift backwards for certificate expiration checks during TLS handshakes with the orderer endpoint

Chaincode installation on peer0.org3 has failed
Deploying chaincode failed

@shokuyansh

I am also currently facing the same issue, have you resolved it?

@sandipsk-git

@shokuyansh you are trying with localhost address. Once check what you have given in CN hosts fields at the time of TLS cert generation. Usually we use peer1.org1.example.com, service name or IP for communication from client (application gateway) to peer host.

@shokuyansh

> @shokuyansh you are trying with localhost address. Once check what you have given in CN hosts fields at the time of TLS cert generation. Usually we use peer1.org1.example.com, service name or IP for communication from client (application gateway) to peer host.

Well, I am currently having a new issue:

root@bb48fb67e34d:/opt/gopath/src/github.com/patient-chaincode/patient-chaincode# peer lifecycle chaincode install patient-chaincode.tar.gz
Error: failed to retrieve endorser client for install: endorser client failed to connect to peer0.hospital.health.cl:7056: failed to create new connection: context deadline exceeded

Also, for the CN and DNS names in the cert:

shokuyansh@idk:~/EHR$ openssl x509 -in ./crypto-config/peerOrganizations/hospital.health.cl/peers/peer0.hospital.health.cl/tls/server.crt -noout -text | grep -E 'Subject:|DNS:'
        Subject: C = US, ST = California, L = San Francisco, CN = peer0.hospital.health.cl
                DNS:peer0.hospital.health.cl, DNS:peer0

I am gonna save you some time by telling you I double-checked my ports and paths in the docker file.
My org1 logs show this error multiple times -

2024-10-07 08:51:34.200 UTC 06c7 ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 786.118µs with error remote error: tls: bad certificate server=PeerServer remoteaddress=127.0.0.1:58800
