更新时间:2023-11-24 17:43:40
Mmm ...父根CA TLS证书(受信任的根证书)应使用--intermediate.tls.certfiles
指定. --tls.certfile
和--tls.keyfile
定义了中间CA TLS证书以及对其子级/客户端的关键方面.
Mmm... The parent root CA TLS certificate (the trusted root certificates) should be specified with --intermediate.tls.certfiles
. --tls.certfile
and --tls.keyfile
define the intermediate CA TLS certificate and key respect to its children/clients.
设置--loglevel debug
以获得更多信息(并共享).
Set --loglevel debug
to get more information (and share it).
编辑:当您谈论--tls.keyfile
时,要回答您的版本(我不敢评论您的帖子).我并不是说您必须使用它.我的意思是,如果使用--tls.certfile
,则还必须使用--tls.keyfile
,因为它们旨在通过TLS提供中间CA服务,而不是信任父根CA的TLS证书.为了您的目的,您有--intermediate.tls.certfiles
.
您的命令应如下所示:
To answer to your edition (I have no reputation to comment your post), when you talk about --tls.keyfile
. I don't mean that you must use it. I mean that, if you use --tls.certfile
, you must also use --tls.keyfile
, as they are intended to serve your intermediate CA services via TLS, not to trust your parent root CA's TLS certificate. For your purpose, you have --intermediate.tls.certfiles
.
Your command should look like:
fabric-ca-server start -b admin:adminpw -u https://<registered-identity>:<pw>@ca-root:7054 --intermediate.parentserver.caname ca-root --intermediate.tls.certfiles /path/to/copied/tls-cert.pem
我可能想到的错误:
ca-root
没有指向您的根CA.ca-root
匹配.ca-root
does not point to your root CA.ca-root
.如果您说它在根CA不使用TLS时有效,并且在更改过程中没有破坏其他任何事物,则它可能是4-6之一...
If you say that it worked when the root CA did not use TLS, and you have not broken any other thing during your changes, it can be one of 4-6...