Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to retrieve TCert from Bluemix #4

Open
techteamkyck opened this issue Nov 2, 2016 · 4 comments
Open

Unable to retrieve TCert from Bluemix #4

techteamkyck opened this issue Nov 2, 2016 · 4 comments

Comments

@techteamkyck
Copy link

Hi

  1. We ran our code with hfc@0.6.0 as Bluemix recommendations. We have enabled the TLS services via the membership.yml, we include this:

tls:
certfile: "/var/hyperledger/production/.membersrvc/tlsca.cert"
keyfile: "/var/hyperledger/production/.membersrvc/tlsca.priv"

and in core.yml we include this:

pki:
eca:
paddr: localhost:50051
tca:
paddr: localhost:50051
tlsca:
paddr: localhost:50051
tls:
enabled: true
rootcert:
file: "/var/hyperledger/production/.membersrvc/tlsca.cert"

  1. We deployed the code onto bluemix.

  2. We then ran a query operation but we are getting these errors:

hfc shouldGetTCerts: yes, we have no tcerts +1ms
E1102 20:46:27.858910000 123145370996736 handshake.c:128] Security handshake failed: {"created":"@1478090787.858892000","description":"Handshake read failed","file":"../src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1478090787.858890000","description":"EOF","file":"../src/core/lib/iomgr/tcp_posix.c","file_line":235}]}
hfc Failed getting a new TCert [Error] +598ms
error: [SDK] error on query: {"error":{"code":14,"metadata":{"_internal_repr":{}}},"msg":"Error"}
error:
{ error: { code: 14, metadata: { _internal_repr: {} } },

  1. We are not sure why we are not getting tcerts. Where should the tcerts be coming from.
@masterDev1985
Copy link
Contributor

TCerts come from the membership service. However, I don't understand why membersrvc.yml and core.yml are being deployed "onto Bluemix". The Bluemix service gives you a set of 4 peers and a membership service that are already configured. You can't upload new configurations to these peers. I don't think I understand the environment you're describing.

@techteamkyck
Copy link
Author

Hi we had issues with handshaking initially. So we read the bluemix sdk help and it told us to change the membership and core ymls to enable tls.

We then deployed the yml files as part of the chaincode deployment to Bluemix blockchain services. But we are still getting the error above.

@jonathan-yk-tan jonathan-yk-tan mentioned this issue Nov 3, 2016
Closed
@ratnakar-asara
Copy link
Collaborator

@techteamkyck can you please try again with latest changes from this repository.
main differences are :

  • Clone this reposiroty , Instead of downloading individual js and vendor.zip files.
  • npm install will ensure you to get the latest hfc version.
  • Keeping the certificates along with the code instead of downloading pro grammatically which might create some problems (Earlier we saw some issues on windows OS )
  • No need to maintain chaincode at some other location, rather copy your custom chaincode under SDK-Demo/src/chaincode folder and configure deploy/invoke/query parameters under confi.json file (if not used chaincode_example02)
  • Finally you can deploy your chaincode with this command node helloblockchain.js

@kumar-b5
Copy link

I am trying to run this locally using docker with 4 peers. How can I generate ServiceCredentials.json for my local peers ? and what would be the file 0.secure.blockchain.ibm.com.cert contents when running locally ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@masterDev1985 @kumar-b5 @ratnakar-asara @techteamkyck