stackoom
  简体   繁体   中英

Can't setup mysql database for fabric-ca server due to certificate error

 原文  2019-09-25 11:56:20       mysql/ ssl-certificate/ hyperledger-fabric/ hyperledger/ hyperledger-fabric-ca

Question

I am trying to setup Hyperledger fabric-ca using mysql database using this link: http://fabric-ca.readthedocs.io/en/latest/users-guide.html

Following the content in the link, I am trying to setup fabric-ca-server with mysql as DB and I am specifying the below config for the same in the fabric-ca-server-config.yaml

db:
  type: mysql
  datasource: root:rootpw@tcp(localhost:3306)/ca?parseTime=true&tls=custom
  tls:
      enabled: true
      certfiles:
        - server-cert.pem
      client:
        certfile: client-cert.pem
        keyfile: client-key.pem

I have used docker container to start mysql database using:

docker run --name=mysql --env="MYSQL_ROOT_PASSWORD=mypassword" -p 3306:3306 -p 33060:33060 mysql

After my container starts these logs are produced:

[System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.17) starting as process 1
[Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
[Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
[System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.17'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
[System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060

And when I start my fabric-ca-server then these logs are produced:

[INFO] Configuration file location: /home/trinayan/Documents/biltinetwork/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/biltinetwork/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA 
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/Documents/biltinetwork/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/biltinetwork/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054

I can't figure out why this error:

[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost

as this is related to ssl certificate so can anyone help me with this.

2 answers

solution1
 0  2019-10-10 11:05:23

From the error, I assume you are trying to connect to MySQL over TLS. Looks like MySQL auto-generated a server certificate with a Common Name or SAN of MySQL_Server_8.0.17_Auto_Generated_Server_Certificate . Likely in your config you are trying to connect to localhost which does not match MySQL_Server_8.0.17_Auto_Generated_Server_Certificate .

So you have a few options:

  • follow https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html and generate certificates using openssl with the Common Name or a SAN set to localhost

  • create a hosts entry on the host server running the CA and MySQL which maps MySQL_Server_8.0.17_Auto_Generated_Server_Certificate to 127.0.0.1 and replace localhost with MySQL_Server_8.0.17_Auto_Generated_Server_Certificate in your fabric-ca-server config file.

  • don't use TLS and see if things work

I'd go with the first option.

solution2
 0  2022-11-29 18:54:25

So, since it is not possible to set the Common Name of the certificates generated by mysql_ssl_rsa_setup

A solution when using Docker-Compose, is to use one of the generated names as host for the database connection, and use a link to alias the container.

For example, with:

  • A mysql container named 'db'
  • mysql_ssl_rsa_setup -v --suffix='db' ran on the mysql container
  • The generated certificate properly placed in the client container (fabric-ca, laravel, etc)

Then, add to your client container:

links: 
  - db:MySQL_Server_db_Auto_Generated_Server_Certificate

And of course, use MySQL_Server_db_Auto_Generated_Server_Certificate as the host for the database connection in your client.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to add Mysql as a db in hyperledger fabric-ca? fabric-ca-server connect to mysql with ssl Can't import MySQL database due to syntax error fabric-ca-server connect to azure mysql: this authentication plugin is not supported Remote connection to MySQL server on Mac OS X - ERROR 2003 (HY000): Can't connect to MySQL server on 'duplessis.umontreal.ca' (110) Can't create a MySQL database with PHP on server? Laravel MySQL database setup error Can't connect to remote mysql database server SSH Tunnel with R error: Failed to connect to database: Error: Can't connect to MySQL server on '127.0.0.1' (115) Connecting R to MySQL - “Failed to connect to database: Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM