While creating a profile to connect to a hyperledger fabric instance, I get the following error.
0|composer | HLFConnection :login() > admin
0|composer | E0508 11:50:42.311834619 75 ssl_transport_security.c:611] Could not load any root certificate.
0|composer | E0508 11:50:42.311850655 75 ssl_transport_security.c:1348] Cannot load server root certificates.
0|composer | E0508 11:50:42.312139228 75 security_connector.c:837] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
0|composer | E0508 11:50:42.312149486 75 secure_channel_create.c:127] Failed to create secure subchannel for secure name.
When I check the loaded certificate in the playground logs, '\r\n' has been changed to '\\r\\n'
This is a known issue with the certificate text box when you enter the PEM certificate as a single string.
There are a couple of ways to get around the problem for now. You either need to remove all the \r\n text from the text before putting into the cert field on the UI, or you can import your current connection profile which you use for connection via the command line.
Following is the link to issue in github.
https://github.com/hyperledger/composer/issues/893
Related
The logs around the error is this below. It used to work but after a few days ago, this start failing. I didn't not change deploy flow.
The only change is that we started to pay. Before that we used it as a trial member.
Though I don't think that is the cause...
Does anyone know how to get over this error?
Using app from: /Users/vagrant/deploy/app-production-[REDACTED]-bitrise-signed.apk
Configuration read successfully
Authenticating
Authenticated client created
Create new edit
editID: xxxxxxx
Edit insert created
Upload apks or app bundles
Uploading /Users/vagrant/deploy/app-production-[REDACTED]-bitrise-signed.apk 1/1
Uploaded apk version: 36
Done uploading of 1 apps
New version codes to upload: 36
Applications uploaded
Update track
Release version codes are: [36]
alpha track will be updated.
updated track: alpha
Track updated
Committing edit
Failed to commit edit, error: googleapi: Error 403: You cannot rollout this [REDACTED] because it does not allow any existing users to upgrade to the newly added APKs., forbidden
| |
+---+---------------------------------------------------------------+----------+
| x | google-play-deploy#3.6 (exit code: 1) | 19.44 sec|
+---+---------------------------------------------------------------+----------+
| Issue tracker: https://github.com/bitrise-io/steps-google-play-deploy/issues |
| Source: https://github.com/bitrise-io/steps-google-play-deploy |
+---+---------------------------------------------------------------+----------+
I'm experiencing a somewhat perplexing issue with a self-signed SSL certificate that Windows recognizes as valid, but which no modern browsers will accept.
The certificate is present in the system certificate store (accessed via the Certificates snap-in in MMC), within both the Personal and Trusted Root Certification Authorities folders, and marked as valid.
Per the utility SSL Certificate Verifier, the certificate and certificate chain are valid.
Here is its output:
**************************************************************************
Processing 'localhost'
**************************************************************************
Scan started: 21-09-2020 13:43:33
Generating connection string...
Connection string is: https://localhost:14006/
Entering certificate validation callback function...
Server returned 1 certificates.
Entering server certificate chain validation function...
Leaf certificate issued to: E=REDACTED, CN=localhost, O=localhost, L=New York, S=NY, C=US
Found Subject Alternative Names extension in the certificate.
Fetching SAN values:
DNS Name=localhost
DNS Name=127.0.0.1
DNS Name=::1
IP Address=0000:0000:0000:0000:0000:0000:0000:0001
IP Address=127.0.0.1
Certificate chain successfully passed all checks.
Finished!
Scan ended: 21-09-2020 13:43:33
If I attempt to access the service using Internet Explorer or curl, I get the expected 200 result from the service.
However, if I try to access the service using Edge, Chrome, Opera, or Firefox, I get ERR_CONNECTION_RESET. Before adding the certificate to Firefox's certificate store, I got PR_CONNECT_RESET_ERROR but now that also throws ERR_CONNECTION_RESET.
There are no proxies or VPNs active on my system or anything else that would interfere with Windows' networking. I'm at a complete loss. What on earth is happening here and how do I go about fixing it?
I had exactly the same symptoms - IE and curl working. Chrome, Edge and Firefox not, all reporting ERR_CONNECTION_RESET.
Ultimately it was pinned down to a corrupt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\Functions key.
nmap reported a single cipher in use when it was broken:
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
Reloaded the key with a correct value:
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
The absence of the GCM ciphers is the likely cause, given Chromium was reporting them as obsolete five years ago.
I had a similar problem on chrome where it said
NET::ERR_CERT_COMMON_NAME_INVALID
, turns out the error was with the certificate itself.
Try the to create a certificate with the below link:
SSL Certificate
Any one came across hyperledger composer's chaincode error like : Error: The current identity must be activated (ACTIVATION_REQUIRED)?? The identity which I am using showing ISSUED in composer-playground. But once I am using System/ping through REST server, chaincode log showing this error. I hope at the time when a participant submits a transaction using an enrollment certificate, the Composer chaincode extracts the enrollment ID from the enrollment certificate, and uses it to look up the participant instance that the identity was issued to. I issued identity through CLI and then I am using it in REST server without doing anything in CLI. I am not sure how to overcome this error. Appreciate! any help.
I updated all composer components to 0.12.2. I used the following CLI commands to issue identity:
composer participant add -p jiyababa -n 'digitalproperty-network' -i PeerAdmin -s adminpw -d '{"$class":"net.biz.digitalPropertyNetwork.Person","personId":"dcsen#abc.com","firstName":"Dul","lastName":"Sen"}'
composer identity issue -p jiyababa -n 'digitalproperty-network' -i admin -s adminpw -u dcsen1 -a "resource:net.biz.digitalPropertyNetwork.Person#dcsen#abc.com"
Still getting the same error at composer chaincode.
2017-09-17 14:56:12.599 UTC [Composer] Error -> ERRO 01e #JS : IdentityManager :getIdentity() Error: The current identity has not been registered:admin 2017-09-17 14:56:12.682 UTC [Composer] Error -> ERRO 01f #JS : IdentityManager :getIdentity() Error: The current identity has not been registered:admin 2017-09-17 15:09:58.641 UTC [Composer] Error -> ERRO 020 #JS : IdentityManager :validateIdentity() Error: The current identity must be activated (ACTIVATION_REQUIRED)
I also tried using "admin" user to add participant and issue identity but no luck: getting composer chaincode error::
Error: Unhandled promise rejection {activationRequired:true} at [anon] (/chaincode/input/src/composer/vendor/gopkg.in/olebedev/go-duktape.v3/duk_console.c:55) internal
#JS : IdentityManager :validateIdentity() Error: The current identity must be activated (ACTIVATION_REQUIRED)
But I can ACTIVATE the identity through composer CLI using the following command:
composer network ping -n digitalproperty-network -p jiyababa -i dcsen1 -s BEkeKFlLVnBL
Once I ACTIVATED through CLI, I could NOT use the identity in REST Server. That means, first transaction request from REST server not activating the identity in identity registry.
This can happen if you are using an old version of the CLI/Client Application/Rest Server trying to connect to a much newer version of the composer runtime that is deployed when you deploy the business network.
It sounds like you deployed a business network and issued identities using a newver version of the CLI, but haven't updated the Rest Server to the same version.
Information about updating can be found at
https://hyperledger.github.io/composer/managing/updating-composer.html
A temporary work around is to ACTIVATE the card yourself:
$ composer identity list -c admin#basic-sample-network
✔ List all identities in the business network
-
$class: org.hyperledger.composer.system.Identity
identityId: 8dc315997a5ad0ade3b4343c6b81ae37a3c2c7f22eddab90dd09717e7459772e
name: admin
issuer: ac3dbcbe135ba48b29f97665bb103f8260c38d3872473e584314392797c595f3
certificate:
"""
-----BEGIN CERTIFICATE-----
MIICAjCCAaigAwIBAgIUOA7RAw1TbKo2UjwkeS9YRCSFupowCgYIKoZIzj0EAwIw
czELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMT
E2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTgwODA4MDYzODAwWhcNMTkwODA4MDY0
MzAwWjAhMQ8wDQYDVQQLEwZjbGllbnQxDjAMBgNVBAMTBWFkbWluMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEeBeSqbzishSi0Q0+f0HavwPsN1240zIxuL12iWUR
U9aEO/cLusEr9fg44UUh3xzp4VQGChJ5TNRu4s/uBbuFxqNsMGowDgYDVR0PAQH/
BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF1ZYXNpBsGXEomhlTBT9NeJ
CUqIMCsGA1UdIwQkMCKAIBmrZau7BIB9rRLkwKmqpmSecIaOOr0CF6Mi2J5H4aau
MAoGCCqGSM49BAMCA0gAMEUCIQCMuttwm6sSCjtwl8xk4FZM4PHH0F5YGxJvNUjn
SeeCCQIgAmmD9aabcY7jHttdfAZ2zNepihdRKjN1xsxy4i7KaQ4=
-----END CERTIFICATE-----
"""
state: ACTIVATED
participant: resource:org.hyperledger.composer.system.NetworkAdmin#admin
Command succeeded
I just a new beginner of Hyperledger Composer.So I try to deploy REST server using Docker by following this guide
Deploying the REST server for a business network
Then when i run docker, it show this error on docker logs
docker logs rest
0|composer | WARNING: NODE_APP_INSTANCE value of '0' did not match any instance config file names.
0|composer | WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
0|composer | Discovering types from business network definition ...
0|composer | D0831 07:04:36.180952003 24 env_linux.c:66] Warning: insecure environment read function 'getenv' used
0|composer | D0831 07:04:37.574385287 24 env_linux.c:66] Warning: insecure environment read function 'getenv' used
0|composer | Connection fails: Error: Error trying to ping. Error: Composer runtime (0.11.3) is not compatible with client (0.11.2)
0|composer | It will be retried for the next request.
0|composer | Exception: Error: Error trying to ping. Error: Composer runtime (0.11.3) is not compatible with client (0.11.2)
0|composer | Error: Error trying to ping. Error: Composer runtime (0.11.3) is not compatible with client (0.11.2)
0|composer | at _checkRuntimeVersions.then.catch (/usr/local/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:696:34)
PM2 | App [composer-rest-server] with id [0] and pid [24], exited with code [1] via signal [SIGINT]
PM2 | Starting execution sequence in -fork mode- for app name:composer-rest-server id:0
PM2 | App name:composer-rest-server id:0 online
So i try to update the version by following on this guide on the same doc
Updating Hyperledger Composer
But after I stop/reboot fabric, redeploy the chaincode again and run the docker, the error still exist.
Can anyone please tell me what i've missing?
Note: I try this solution too but still have the same problem.
Ok i've solve the problem. I remove all docker image and start new fabric to download image again,and it works!!
docker rmi $(docker images -q)
when i run from windows-7 with cygwin to connect CFEngine bersion 3.4.2
cf-agent -Bs 217.64.173.210
Challenge response from server 217.64.173.210/217.64.173.210 was incorrect!
I: Made in version 'not specified' of '/var/cfengine/inputs/update.cf' near line 47
!! Authentication dialogue with 217.64.173.210 failed
Challenge response from server 217.64.173.210/217.64.173.210 was incorrect!
I: Made in version 'not specified' of '/var/cfengine/inputs/update.cf' near line
and in /var/cfengine/inputs/update.cf on line 47 is
47 : perms => m("600"),
on cgwin in folder keys
/var/cfengine/ppkeys
localhost.pub
localhost.priv
root-MD5=b8825ba0a0e7017e34b15766d3b3ac58 (which is also at CFEngine Server Side shared ky)
on Cf-Engine Server Side
/var/cfengine/ppkeys/
localhost.priv
localhost.pub
root-MD5=b8825ba0a0e7017e34b15766d3b3ac58
With Regards
Sandeep
Did you also get the server to trust the client's key? like so:
cf-key -t root-MD5=b8825ba0a0e7017e34b15766d3b3ac58
(on the server)
Also, try restarting cf-serverd in verbose mode with the -v switch on the server, and watch what error messages you get on that end.