To turn on TLS, set the TLS attribute of the orderer, peer, CLI and CA to true, and configure the file paths of the certificate and key. The attributes are as follows:
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CERT_FILE=xxx/tls/server.crt
CORE_PEER_TLS_KEY_FILE=xxx/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=xxx/tls/ca.crt
After that, start the containers and enter the CLI. Note that once TLS is enabled, the command to create a channel differs from the one used without TLS. Without TLS, the command to create a channel is as follows:
peer channel create -o orderer.scf.com:7050 -c mychannel -t 50 -f ./channel-artifacts/mychannel.tx
With TLS enabled, the --tls parameter and the path of the ordering service's certificate file (--cafile) must be added when creating the channel:
peer channel create -o orderer.scf.com:7050 -c mychannel -t 50 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/scf.com/orderers/orderer.scf.com/msp/tlscacerts/tlsca.scf.com-cert.pem -f ./channel-artifacts/mychannel.tx
If you still use the non-TLS command to create the channel, the following error is reported in the CLI:
2019-04-11 17:31:48.661 UTC [grpc] Printf -> DEBU 010 transport: http2 Client.notifyError got notified that the client transport was broken unexpected EOF.
2019-04-11 17:31:48.667 UTC [grpc] Printf -> DEBU 011 transport: http2 Client.notifyError got notified that the client transport was broken unexpected EOF.
2019-04-11 17:31:48.668 UTC [grpc] Printf -> DEBU 012 transport: http2 Client.notifyError got notified that the client transport was broken read tcp 172.18.0.10:59602->172.18.0.2:7050: read: connection reset by peer
orderer.scf.com | 2019-04-11 17:31:48.654 UTC [grpc] Printf -> DEBU 3da grpc: Server.Serve failed to complete security handshake from "172.18.0.10:59598": tls: first record does not look like a TLS handshake
Next, the peer commands to join the channel, install chaincode and query are the same as when TLS is not enabled. However, when instantiating chaincode and calling invoke, you need to add the TLS parameters to the command, as when creating the channel; otherwise the above error is reported.
In other words, when TLS is enabled, any command that communicates with the orderer needs the two command-line parameters --tls and --cafile. The --cafile parameter points to the corresponding certificate file of the orderer.
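The failure and the fix described above can be reproduced offline with the added Go example below, which is not from the original post and is not Fabric code. A throwaway local TLS listener stands in for a TLS-enabled orderer port; the Probe function, the hostname orderer.test and the self-signed certificate are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Probe connects once to a throwaway TLS listener and returns the server's handshake error.
func Probe(clientTLS bool) error {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed key for a self-signed cert
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"orderer.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	root, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool() // stands in for the file passed to --cafile
	pool.AddCert(root)
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv) // stands in for a TLS-enabled orderer port
	if err != nil {
		return err
	}
	defer ln.Close()
	c, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer c.Close()
	if clientTLS { // what --tls --cafile make the client do
		go tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "orderer.test"}).Handshake()
	} else { // a plaintext gRPC client opens with the cleartext HTTP/2 preface
		c.Write([]byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"))
	}
	sc, err := ln.Accept()
	if err != nil {
		return err
	}
	defer sc.Close()
	return sc.(*tls.Conn).Handshake()
}

func main() {
	fmt.Println("plaintext client:", Probe(false), "| TLS client:", Probe(true))
}
```

The plaintext case returns the same crypto/tls error that appears in the orderer log above, because the server reads the first bytes of the HTTP/2 preface where it expects a TLS record header.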