Lab1 - Can not find CA's private key.
I am doing all the labs on my laptop, not on the server, so whenever I do a lab I am doing it from scratch from lab1. Now I am at lab4, but I get a new error in lab1. The CA container does not come up as it cannot find its private key for its certificate in its keystore. I think the volume mapping does not map the keystore or the private keys are wrong. Can anyone help me troubleshoot this? Thanks in advance!
Error I get:
```
docker logs ca.example.com
2019/06/23 17:25:51 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2019/06/23 17:25:51 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2019/06/23 17:25:51 [INFO] Server Version: 1.4.1
2019/06/23 17:25:51 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem': Could not find matching private key for SKI: Failed getting key for SKI [[72 128 61 208 72 65 57 248 91 185 249 29 234 109 34 230 172 139 41 227 207 42 118 80 14 51 34 133 77 231 84 63]]: Key with SKI 48803dd0484139f85bb9f91dea6d22e6ac8b29e3cf2a76500e3322854de7543f not found in /etc/hyperledger/fabric-ca-server/msp/keystore
```
docker-compose file has the following environments and volume mapping:
```
environment:
  - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  - FABRIC_CA_SERVER_CA_NAME=ca.example.com
  - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
  - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
volumes:
  - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
```
Comments
-
The private key on the crypto-config directory for the CA seems to be the one corresponding to the cert. But don't know why the CA container throws an error.
0 -
could you run
ls crypto-config/peerOrganizations/org1.example.com/ca
and paste the two keys that are in there?
Thanks
0 -
In the host the key exists
```
ls crypto-config/peerOrganizations/org1.example.com/ca/
ca.org1.example.com-cert.pem
f38c2e15e29d2d5daa9c4ae67b89a5089f71deb7e42d7c79d57af289f1ec1f3e_sk
```
Thank you!
0 -
The CA_SERVER cert file defined in the docker-compose file is not there in the location `crypto-config/peerOrganizations/org1.example.com/ca/`. And it seems to me that it happens a lot of times. How to overcome this problem? Do we need to just try again and again to create the crypto files until it generates all the keys with uncertainty?
0 -
I have one more doubt. When we specify the CA server's key in the docker-compose.yaml file, how are we sure that cryptogen is going to generate that particular private key? Doesn't it change every time we create new crypto files by running the cryptogen generate command? How does it work in reality with other tools, like if someone wants to generate keys and certificates using openssl or others? I am sorry for the naive question, but I would like to clear a few things. Thank you very much @kmyatt !
0 -
Can anyone help me overcome this problem?
0 -
I have fixed the issue by updating the key file name in the docker-compose file.
0 -
Hi @indirajith, if you are rerunning either the default setup script that I have you run in Lab Installation, or if you are running cryptogen more than once, then your private key (as well as the certs) will change because it is regenerating a new one every time. Run the command once, then replace the environment variable
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/
with
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/
that sk file can be found in
ls crypto-config/peerOrganizations/org1.example.com/ca/
like I indicated in the thread earlier.
0 -
@indirajith
> I have one more doubt. When we specify the CA server's key in the docker-compose.yaml file, how are we sure that cryptogen is going to generate that particular private key? Doesn't it change every time we create new crypto files by running the cryptogen generate command? How does it work in reality with other tools, like if someone wants to generate keys and certificates using openssl or others? I am sorry for the naive question, but I would like to clear a few things. Thank you very much @kmyatt !

The docker-compose.yml file just references (looks for in your sys) the CA key. Cryptogen is a binary tool that generates the crypto, but it doesn't do it on its own; you would have to rerun it every time. The generate command resets all certificates, the extend command doesn't. Therefore, since the crypto-config file is already built, I recommend you use what you have already and just reference that. But if you need to create new ones later, only use the extend command so you don't lose the already created keys you currently have. Openssl is a valid option for working with/generating crypto as well, and if you know what you're doing then that should be no problem, but as you will see in Lab 10, the Fabric CA tools have simplified those crypto operations as well, making it faster and easier. Last note, that was not a naive question, actually a great question!
Hope this helps and Take care!
0 -
Thank you very much for your patience in explaining in a detailed manner @kmyatt! Now I understand quite well, I hope.
0 -
No problem, always happy to help. Have a great day.
0 -
I hate to be this guy... but I'm having the same issue. I ran `ls crypto-config/peerOrganizations/org1.example.com/ca/`.
This is my result:
```
:~/Desktop/fabric-samples/startFiles$ ls crypto-config/peerOrganizations/org1.example.com/ca/
8986bfd326449c8e0cdd5347d3809b7c61486e0ddc5d1738358ef48e8d485ca4_sk
ca.org1.example.com-cert.pem
```
I replaced the _sk in docker-compose.yml with the above _sk.
I then run: docker logs ca.example.com
and get this error:
```
Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem': Could not find matching private key for SKI: Failed getting key for SKI [[137 134 191 211 38 68 156 142 12 221 83 71 211 128 155 124 97 72 110 13 220 93 23 56 53 142 244 142 141 72 92 164]]: Key with SKI 8986bfd326449c8e0cdd5347d3809b7c61486e0ddc5d1738358ef48e8d485ca4 not found in /etc/hyperledger/fabric-ca-server/msp/keystore
2019/12/18 02:35:52 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2019/12/18 02:35:52 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2019/12/18 02:35:52 [INFO] Server Version: 1.4.4
2019/12/18 02:35:52 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem': Could not find matching private key for SKI: Failed getting key for SKI [[137 134 191 211 38 68 156 142 12 221 83 71 211 128 155 124 97 72 110 13 220 93 23 56 53 142 244 142 141 72 92 164]]: Key with SKI 8986bfd326449c8e0cdd5347d3809b7c61486e0ddc5d1738358ef48e8d485ca4 not found in /etc/hyperledger/fabric-ca-server/msp/keystore
2019/12/19 16:33:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2019/12/19 16:33:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2019/12/19 16:33:08 [INFO] Server Version: 1.4.4
2019/12/19 16:33:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem': Could not find matching private key for SKI: Failed getting key for SKI [[137 134 191 211 38 68 156 142 12 221 83 71 211 128 155 124 97 72 110 13 220 93 23 56 53 142 244 142 141 72 92 164]]: Key with SKI 8986bfd326449c8e0cdd5347d3809b7c61486e0ddc5d1738358ef48e8d485ca4 not found in /etc/hyperledger/fabric-ca-server/msp/keystore
```
How do I correct this error because I'm not able to start my ca.example container.
Thank you
0 -
Hi @etrelz, seems like your pathing to the key in docker-compose is wrong? The error says: Error: Failed to find private key for certificate in '/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem':
But the path to the _sk is ls crypto-config/peerOrganizations/org1.example.com/ca/
Please double check that, and let me know.
0 -
@indirajith said:
> I have fixed the issue by updating the key file name in the docker-compose file.

How did you change the name of your file? I met a similar problem which is like that 'key with SKI eb8bd8552f4d51aa774165bcaca0b229624b298fee5189ef9c5fa60e29366f94 not found in ../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore' but I am sure that there is a file named priv_sk, the same as the name when it was firstly generated by the cryptogen.
0
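The fix that resolved the original post (pointing `FABRIC_CA_SERVER_CA_KEYFILE` at the `_sk` file that actually exists under the mounted `ca/` directory) can be checked before starting the container. The script below is an added example, not part of the thread or the course material; its function names are hypothetical, it assumes the compose layout quoted above with a plain `host:container` volume line, and `key_matches_cert` needs `openssl` on the host.

```shell
#!/bin/sh
# Added example (not from the course): check the CA key that docker-compose
# points at. Assumes the compose layout quoted in this thread: one
# FABRIC_CA_SERVER_CA_KEYFILE line and a plain "host:container" volume line.

# Print the host path that FABRIC_CA_SERVER_CA_KEYFILE resolves to.
ca_key_host_path() {
    compose=$1
    keyfile=$(sed -n 's/^[[:space:]]*-[[:space:]]*FABRIC_CA_SERVER_CA_KEYFILE=//p' "$compose" | head -n 1)
    [ -n "$keyfile" ] || return 2
    cdir=$(dirname "$keyfile")
    # Pick the volume whose container side is the directory holding the key.
    hostdir=$(sed -n 's/^[[:space:]]*-[[:space:]]*\(.*\):\(\/[^:]*\)$/\1 \2/p' "$compose" |
        while read -r h c; do
            if [ "${c%/}" = "$cdir" ]; then printf '%s\n' "${h%/}"; break; fi
        done)
    [ -n "$hostdir" ] || return 3
    # Relative host paths are relative to the compose file's directory.
    case $hostdir in /*) ;; *) hostdir=$(dirname "$compose")/$hostdir ;; esac
    printf '%s/%s\n' "$hostdir" "$(basename "$keyfile")"
}

# Return 0 if that file exists; otherwise show which *_sk files do exist.
check_ca_key() {
    path=$(ca_key_host_path "$1") || { echo "cannot resolve KEYFILE in $1" >&2; return 2; }
    if [ -f "$path" ]; then echo "OK: $path"; return 0; fi
    echo "MISSING: $path" >&2
    ls "$(dirname "$path")" 2>/dev/null | grep '_sk$' >&2 || true
    return 1
}

# Return 0 if key ($1) and certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run `check_ca_key docker-compose.yml` after every `cryptogen generate`, since that command regenerates the key; `key_matches_cert <key> <cert>` then confirms the pair belongs together.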