I am trying to setup Hyperledger fabric-ca using mysql database using this link: http://fabric-ca.readthedocs.io/en/latest/users-guide.html
Following the content in the link, I am trying to setup fabric-ca-server with mysql as DB and I am specifying the below config for the same in the fabric-ca-server-config.yaml
db:
type: mysql
datasource: root:rootpw@tcp(localhost:3306)/ca?parseTime=true&tls=custom
tls:
enabled: true
certfiles:
- server-cert.pem
client:
certfile: client-cert.pem
keyfile: client-key.pem
I have used docker container to start mysql database using:
docker run --name=mysql --env="MYSQL_ROOT_PASSWORD=mypassword" -p 3306:3306 -p 33060:33060 mysql
After my container starts these logs are produced:
[System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.17) starting as process 1
[Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
[Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
[System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.17' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL.
[System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060
And when I start my fabric-ca-server then these logs are produced:
[INFO] Configuration file location: /home/trinayan/Documents/biltinetwork/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/biltinetwork/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/biltinetwork/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054
I can't figure out why this error:
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
as this is related to ssl certificate so can anyone help me with this.
From the error, I assume you are trying to connect to MySQL over TLS. Looks like MySQL auto-generated a server certificate with a Common Name or SAN of MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
. Likely in your config you are trying to connect to localhost
which does not match MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
.
So you have a few options:
follow https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html and generate certificates using openssl with the Common Name or a SAN set to localhost
create a hosts entry on the host server running the CA and MySQL which maps MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
to 127.0.0.1
and replace localhost
with MySQL_Server_8.0.17_Auto_Generated_Server_Certificate
in your fabric-ca-server config file.
don't use TLS and see if things work
I'd go with the first option.
So, since it is not possible to set the Common Name of the certificates generated by mysql_ssl_rsa_setup
A solution when using Docker-Compose, is to use one of the generated names as host for the database connection, and use a link to alias the container.
For example, with:
mysql_ssl_rsa_setup -v --suffix='db'
ran on the mysql container Then, add to your client container:
links:
- db:MySQL_Server_db_Auto_Generated_Server_Certificate
And of course, use MySQL_Server_db_Auto_Generated_Server_Certificate
as the host for the database connection in your client.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.