LFS 272 - Using an HSM

I am trying to set up the HSM config as described in the following official guideline (https://hyperledger-fabric.readthedocs.io/en/release-1.4/hsm.html).
I have made new binaries as indicated:

    make docker GO_TAGS=pkcs11

But when I tried to run the docker-ca-server init, I kept getting the error below:

    /etc/hyperledger # fabric-ca-server init -b titoadm:titopw
    2020/05/12 20:02:40 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
    2020/05/12 20:02:40 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
    2020/05/12 20:02:40 [DEBUG] Set log level:
    2020/05/12 20:02:40 [INFO] Server Version: 2.0.0-snapshot-2d75a1a
    2020/05/12 20:02:40 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
    2020/05/12 20:02:40 [DEBUG] Making server filenames absolute
    2020/05/12 20:02:40 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
    2020/05/12 20:02:40 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:2.0.0-snapshot-2d75a1a Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-org2 Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc0004acd90 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[e0c18d32b344 localhost] KeyRequest:0xc0004be400 CA:0xc0004be480 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc0004c6000 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
    2020/05/12 20:02:40 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
    2020/05/12 20:02:40 [DEBUG] Checking configuration file version '2.0.0-snapshot-2d75a1a' against server version: '2.0.0-snapshot-2d75a1a'
    2020/05/12 20:02:40 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0000329c0 PluginOpts:<nil> Pkcs11Opts:<nil>}
    2020/05/12 20:02:40 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc0004c56e0 DummyKeystore:<nil> InmemKeystore:<nil>}
    2020/05/12 20:02:40 [DEBUG] Closing server DBs
    2020/05/12 20:02:40 [FATAL] Initialization failure: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.

Any suggestions about how to fix this?
Is there any other workaround?
There is almost no information on Google.


  • Niklaskkkk Posts: 108

    Hi @alejoacosta,

    HSM is still a little new to me, but could you post a little more detail (config files + system info you are running on) and I will forward it to someone with experience with HSM and Fabric.

