[英]Can't setup mysql database for fabric-ca server due to certificate error
I am trying to setup Hyperledger fabric-ca using mysql database using this link: http://fabric-ca.readthedocs.io/en/latest/users-guide.html我正在尝试使用此链接使用 mysql 数据库设置 Hyperledger fabric-ca: http://fabric-ca.readthedocs.io/en/latest/users-guide.html
Following the content in the link, I am trying to setup fabric-ca-server with mysql as DB and I am specifying the below config for the same in the fabric-ca-server-config.yaml按照链接中的内容,我正在尝试使用 mysql 将 fabric-ca-server 设置为 DB,并在 fabric-ca-server-config.yaml 中指定以下配置
db:
type: mysql
datasource: root:rootpw@tcp(localhost:3306)/ca?parseTime=true&tls=custom
tls:
enabled: true
certfiles:
- server-cert.pem
client:
certfile: client-cert.pem
keyfile: client-key.pem
I have used docker container to start mysql database using:我已经使用 docker 容器启动 mysql 数据库,使用:
docker run --name=mysql --env="MYSQL_ROOT_PASSWORD=mypassword" -p 3306:3306 -p 33060:33060 mysql
After my container starts these logs are produced:在我的容器启动后,会生成这些日志:
[System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.17) starting as process 1
[Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
[Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
[System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.17' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL.
[System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060
And when I start my fabric-ca-server then these logs are produced:当我启动我的 fabric-ca-server 时,会生成这些日志:
[INFO] Configuration file location: /home/trinayan/Documents/biltinetwork/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/biltinetwork/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/biltinetwork/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054
I can't figure out why this error:我无法弄清楚为什么会出现此错误:
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
as this is related to ssl certificate so can anyone help me with this.因为这与 ssl 证书有关,所以任何人都可以帮我解决这个问题。
From the error, I assume you are trying to connect to MySQL over TLS.从错误中,我假设您正在尝试通过 TLS 连接到 MySQL。 Looks like MySQL auto-generated a server certificate with a Common Name or SAN of
MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
.看起来 MySQL 自动生成了一个具有通用名称或 SAN 的服务器证书
MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
。 Likely in your config you are trying to connect to localhost
which does not match MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
.可能在您的配置中,您尝试连接到与
MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
不匹配的localhost
。
So you have a few options:所以你有几个选择:
follow https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html and generate certificates using openssl with the Common Name or a SAN set to localhost
follow https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html and generate certificates using openssl with the Common Name or a SAN set to
localhost
create a hosts entry on the host server running the CA and MySQL which maps MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
to 127.0.0.1
and replace localhost
with MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
in your fabric-ca-server config file.在运行 CA 和 MySQL 的主机服务器上创建一个主机条目,它将
MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
映射到127.0.0.1
并在您的 fabric-ca-server 配置文件中将localhost
替换为MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
。
don't use TLS and see if things work不要使用 TLS,看看是否可行
I'd go with the first option.我会用第一个选项 go 。
So, since it is not possible to set the Common Name of the certificates generated by mysql_ssl_rsa_setup因此,由于无法设置 mysql_ssl_rsa_setup 生成的证书的通用名称
A solution when using Docker-Compose, is to use one of the generated names as host for the database connection, and use a link to alias the container.使用 Docker-Compose 时的一种解决方案是使用生成的名称之一作为数据库连接的主机,并使用链接为容器别名。
For example, with:例如,与:
mysql_ssl_rsa_setup -v --suffix='db'
ran on the mysql container mysql_ssl_rsa_setup -v --suffix='db'
在 mysql 容器上运行 Then, add to your client container:然后,添加到您的客户端容器:
links:
- db:MySQL_Server_db_Auto_Generated_Server_Certificate
And of course, use MySQL_Server_db_Auto_Generated_Server_Certificate
as the host for the database connection in your client.当然,使用
MySQL_Server_db_Auto_Generated_Server_Certificate
作为客户端数据库连接的主机。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.