The official hyperledger fabric v1.0.0 gives a simple demo by using docker. Here is the link.
What I am doing is to avoid docker and directly run them on the machine. Thanks to the answer from my previous question, I have successfully launched 1 solo orderer and two peers, each from one org.
This is part of the orderer's config orderer.yaml and I am sure the TLS-related paths are set correctly.
General:
    # Ledger Type: The ledger type to provide to the orderer.
    # Two non-production ledger types are provided for test purposes only:
    # - ram: An in-memory ledger whose contents are lost on restart.
    # - json: A simple file ledger that writes blocks to disk in JSON format.
    # Only one production ledger type is provided:
    # - file: A production file-based ledger.
    LedgerType: file
    # Listen address: The IP on which to bind to listen.
    ListenAddress: 127.0.0.1
    # Listen port: The port on which to bind to listen.
    ListenPort: 7040
    # TLS: TLS settings for the GRPC server.
    TLS:
        Enabled: true
        PrivateKey: ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
        Certificate: ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
        RootCAs:
          - ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
        ClientAuthEnabled: false
        ClientRootCAs:
    # Log Level: The level at which to log. This accepts logging specifications
    # per: fabric/docs/Setup/logging-control.md
    LogLevel: debug
However, when I want to create the channel using the following command:
export FABRIC_CFG_PATH=$PWD
export CHANNEL_NAME=my_channel
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=127.0.0.1:7001
peer channel create -o 127.0.0.1:7040 -c $CHANNEL_NAME -f channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA >&log.txt
The log reports the following error:
Error: Error connecting due to rpc error: code = Internal desc = connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs"
I think it is related to a TLS configuration problem. I am not very familiar with it. Can anyone help me solve this simple problem and give me a simple explanation?
The error is caused by hostname verification failing at the TLS layer. The TLS certificates don't have IP Subject Alternative Names (SANs) - they only have DNS-based SANs.
The easiest thing to do is to just add host entries into your /etc/hosts file (assuming you are running on Linux or macOS). Assuming that you are running everything on the same machine, then adding the following line to your /etc/hosts should resolve your issue:
127.0.0.1 localhost orderer peer0.org1.example.com peer0.org2.example.com
And then make sure to use the hostnames rather than IP addresses:
export FABRIC_CFG_PATH=$PWD
export CHANNEL_NAME=my_channel
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7001
peer channel create -o orderer:7040 -c $CHANNEL_NAME -f channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA >&log.txt
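The error text in the question is produced by Go's crypto/x509 package, which is what the Fabric peer (a Go program) uses to validate the orderer's certificate. The check is simple: if the address you dial parses as an IP, the certificate must carry an IP SAN that matches it; if it is a hostname, a DNS SAN must match. The added Go program below, which is not part of the question, the answer or Fabric itself, reproduces that check against two constructed self-signed certificates: one with DNS SANs only, as cryptogen generates, and one that also carries an IP SAN. The helper names `makeServerCert`, `CheckHost` and `HasIPSAN` are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeServerCert builds a self-signed server certificate whose SANs are
// exactly the given DNS names and IP addresses. This is a constructed
// stand-in for the cryptogen output: Fabric's generated TLS certs carry
// DNS SANs only, which is the dnsNames-only case below.
func makeServerCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "orderer.example.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckHost applies the same hostname check Go's TLS client runs when the
// peer dials an address: an IP literal needs a matching IP SAN, a hostname
// needs a matching DNS SAN. A nil result means the handshake would pass
// this step; a non-nil error is the x509.HostnameError seen in the log.
func CheckHost(cert *x509.Certificate, host string) error {
	return cert.VerifyHostname(host)
}

// HasIPSAN reports whether the certificate carries any IP SAN at all; the
// question's certificate does not, hence "doesn't contain any IP SANs".
func HasIPSAN(cert *x509.Certificate) bool {
	return len(cert.IPAddresses) > 0
}

func main() {
	// Constructed certificate 1: DNS SANs only, like the orderer's server.crt.
	dnsOnly, err := makeServerCert([]string{"orderer.example.com", "orderer"}, nil)
	if err != nil {
		panic(err)
	}
	// Constructed certificate 2: the same names plus an IP SAN for 127.0.0.1.
	withIP, err := makeServerCert([]string{"orderer.example.com"}, []net.IP{net.ParseIP("127.0.0.1")})
	if err != nil {
		panic(err)
	}

	for _, tc := range []struct {
		label string
		cert  *x509.Certificate
		host  string
	}{
		{"DNS-only cert, dial 127.0.0.1", dnsOnly, "127.0.0.1"},         // fails: no IP SAN
		{"DNS-only cert, dial orderer", dnsOnly, "orderer"},              // passes via /etc/hosts name
		{"DNS-only cert, dial orderer.example.com", dnsOnly, "orderer.example.com"},
		{"cert with IP SAN, dial 127.0.0.1", withIP, "127.0.0.1"},        // passes: IP SAN present
	} {
		if err := CheckHost(tc.cert, tc.host); err != nil {
			fmt.Printf("%-42s -> %v\n", tc.label, err)
		} else {
			fmt.Printf("%-42s -> ok\n", tc.label)
		}
	}
}
```

The first case prints the exact message from the question, which shows why switching `-o 127.0.0.1:7040` to `-o orderer:7040` with a matching /etc/hosts entry is enough: the dialed name, not the resolved IP, is what is compared with the SANs. The last case shows the other way out, re-issuing the orderer's TLS certificate with an IP SAN for the address you dial. To see which SANs a real Fabric certificate carries, run `openssl x509 -in server.crt -noout -text` and read the "X509v3 Subject Alternative Name" extension.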