ssl_transport_security.cc:599] Could not load any root certificate

删除回忆录丶 submitted on 2019-12-11 00:58:29

Question


I am trying to create my own network with Hyperledger Composer/Fabric (v0.19.0). The network build seems to be good, but when I do a composer network install ... I get this error:

    Composer Install....
    ⠹ Installing business network. This may take a minute...E0405 10:16:40.355332702 7660 ssl_transport_security.cc:599] Could not load any root certificate.
    E0405 10:16:40.355402056 7660 ssl_transport_security.cc:1400] Cannot load server root certificates.
    E0405 10:16:40.355430951 7660 security_connector.cc:1025] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
    E0405 10:16:40.355453680 7660 secure_channel_create.cc:111] Failed to create secure subchannel for secure name '172.31.136.4:7051'
    E0405 10:16:40.355471629 7660 secure_channel_create.cc:142] Failed to create subchannel arguments during subchannel creation.

Can anyone help me?

PS: I can provide code if needed.


Answer 1:


OK, I think I can answer my own question. The fact is that in the MultiOrg Hyperledger tutorial they use this cmd to replace the certificates in the connection.json:

    awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

I tried to inject this cmd into my sed cmd, but it failed because sed seems to replace '\n' with a real new line, making the JSON corrupted. To replace the certificate in the JSON file, I used this cmd:

    export ORG1_CA_CERT=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' composer/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt)
    perl -p -i -e 's@INSERT_ORG1_CA_CERT@$ENV{ORG1_CA_CERT}@g' connection.json

And it works because perl prints the chars correctly and doesn't interpret them.




Answer 2:


Double-check the steps; it is a long, multistep process in which you have several libraries to install. Have you completed all the steps?




Answer 3:


Firstly, just check that you are using Fabric v1.1 GA for Composer v0.19.0.

It looks like you are using IP number addresses e.g. 172.31.136.4 in your connection.json. Please check that you are using ssl-target-name-override as per the example below.

Also ensure that you are using the correct PEM certificates in the connection.json AND that they are in the correct format, i.e. they include the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines, and the \n is present for the end of each line, BUT there are no line breaks in the certificates (all in one string including the \n's).

Finally, make sure that any Volume mapping you do in your docker-compose.yml files references the correct crypto material.

    "orderers": {
        "orderer.example.com": {
            "url": "grpcs://172.31.136.3:7050",
            "grpcOptions": {
                "ssl-target-name-override": "orderer.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_ORDERER_CA_CERT"
            }
        }
    },
    "peers": {
        "peer0.org1.example.com": {
            "url": "grpcs://172.31.136.4:7051",
            "eventUrl": "grpcs://172.31.136.4:7053",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org1.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_ORG1_CA_CERT"
            }
        },
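
The PEM format rules listed in Answer 3, and the corrupted-JSON failure described in Answer 1, can be checked before running the install. The Node.js script below is an added example, not part of the original answers or of the Composer project; the function names and the sample profile are constructed for illustration, and it checks only the shape of each certificate string, not its trust chain.

```javascript
// Added example. Returns [{ path, problem }]; an empty array means every pem passed.
function checkTlsCaCerts(profileText) {
  let profile;
  try {
    profile = JSON.parse(profileText);
  } catch (err) {
    // A real line break inside a JSON string (the sed result in Answer 1) lands here.
    return [{ path: '(file)', problem: 'not valid JSON' }];
  }
  const findings = [];
  const walk = (node, path) => {
    if (node === null || typeof node !== 'object') return;
    for (const [key, value] of Object.entries(node)) {
      if (key === 'tlsCACerts') {
        const problem = pemProblem(value && value.pem);
        if (problem) findings.push({ path: `${path}.${key}.pem`, problem });
      } else {
        walk(value, path ? `${path}.${key}` : key);
      }
    }
  };
  walk(profile, '');
  return findings;
}

// Returns the first defect found in a decoded pem string, or null if it looks sound.
function pemProblem(pem) {
  if (typeof pem !== 'string' || pem === '') return 'missing pem string';
  if (/^INSERT_\w+$/.test(pem)) return 'placeholder not replaced';
  if (pem.includes('\\n')) return 'literal backslash-n (escaped twice)';
  if (pem.includes('\r')) return 'carriage return in certificate';
  const lines = pem.trimEnd().split('\n');
  if (lines[0] !== '-----BEGIN CERTIFICATE-----') return 'bad BEGIN CERTIFICATE line';
  if (lines[lines.length - 1] !== '-----END CERTIFICATE-----') return 'bad END CERTIFICATE line';
  const body = lines.slice(1, -1).join('');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) return 'body is not base64';
  if (Buffer.from(body, 'base64')[0] !== 0x30) return 'body is not a DER SEQUENCE';
  return null;
}

// Constructed sample input: a DER stand-in (SEQUENCE { INTEGER 0 }), not a real certificate.
const samplePem = '-----BEGIN CERTIFICATE-----\n' +
  Buffer.from([0x30, 0x03, 0x02, 0x01, 0x00]).toString('base64') +
  '\n-----END CERTIFICATE-----\n';
const sampleProfile = JSON.stringify({
  peers: { 'peer0.org1.example.com': { tlsCACerts: { pem: samplePem } } },
  orderers: { 'orderer.example.com': { tlsCACerts: { pem: 'INSERT_ORDERER_CA_CERT' } } },
});
console.log(checkTlsCaCerts(sampleProfile));
```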


Source: https://stackoverflow.com/questions/49667690/ssl-transport-security-cc599-could-not-load-any-root-certificate
