
Custom Details (Country, State, Locality) for MSP in Organisation MSP of Hyperledger Fabric


Hyperledger Fabric Documentation states that we can add additional parameters i.e. Specs and CA for an Organization. The sample shows that additional code can be commented out to provide values.

What I'm trying to do:

  • I need to provide custom values of Country, State, Locality in the X509 certificate of the organization.
  • I'm using "cryptogen" tool to generate certificates.
  • Following is the snippet for an organization from crypto-config.yaml file:

    - &Org1
    
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        CA:
           Hostname: ca
           Country: Westros
           Province: North
           Locality: Winterfell
           OrganizationalUnit: HouseStark
           StreetAddress: NorthernStreet
           PostalCode: 30000
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
    

The error I'm getting while generating certificates:

2019-01-09 13:44:50.557 IST [common/tools/configtxgen/localconfig] Load -> PANI 003 Error unmarshaling config into struct: 3 error (s) decoding:

  • 'Organizations[1]' has invalid keys: CA
  • 'Profiles[TwoOrgsChannel].Application.Organizations[0]' has invalid keys: CA
  • 'Profiles[TwoOrgsOrdererGenesis].Consortiums[SampleConsortium].Organizations[0]' has invalid keys: CA

What I've tried:

  • First, I tried the above configuration which resulted in error.
  • I again read the usage of the cryptogen tool. I used cryptogen showtemplate to check the template used for generating the certificate. It is in a similar format to my crypto-config.yaml file.
  • Keeping the configuration simple i.e. w/o CA details, I started the network, went into the fabric-ca-server container and updated the fabric-ca-server-config.yaml to provide values of CA. This resulted in other errors. I assume this is because I generated certificates using some X CA configuration using cryptogen and while on the run I'm putting some Y CA configuration.

Is there something I'm missing or doing wrong?


Solution

  • I reinstalled binaries for fabric 1.4 and defined the following in crypto-config.yaml:

    # Setting up orderer of the network
    OrdererOrgs:
    
      - Name: Orderer
        Domain: example.com
        CA:
          Country: IN
          Province: Karnataka
          Locality: Bengaluru
        Specs:
         - Hostname: orderer
    
    # Setting up peer orgs of the network
    PeerOrgs:
    
     - Name: Org1
       Domain: org1.example.com
       EnableNodeOUs: true
       CA:
         Country: IN
         Province: Karnataka
         Locality: Bengaluru
       # Template count is the number of peer nodes for this organization
       Template:
         Count: 2
    
       Users:
         Count: 1
    

I was supplying the wrong values for SubjectDN used for CSR.
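
A way to confirm that the `CA:` values from crypto-config.yaml actually reached the certificate subject, as an added example that is not part of the original answer: it parses a CA certificate PEM and reports every Country, Province or Locality that differs from the expected value. The function names are hypothetical, and the input is a constructed, self-signed Ed25519 stand-in built in memory so the check runs without cryptogen; pass the PEM of the CA certificate cryptogen generated to check a real network.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// sampleCACert builds a constructed, self-signed stand-in for a cryptogen CA certificate (demo input only).
func sampleCACert(country, province, locality string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	subj := pkix.Name{Country: []string{country}, Province: []string{province}, Locality: []string{locality}}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: subj, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// subjectMismatches lists each subject field that differs from the value set under CA: in crypto-config.yaml.
func subjectMismatches(certPEM []byte, country, province, locality string) ([]string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	var out []string
	check := func(field string, got []string, want string) {
		if len(got) != 1 || got[0] != want {
			out = append(out, fmt.Sprintf("%s: got %q, want %q", field, got, want))
		}
	}
	check("Country", cert.Subject.Country, country)
	check("Province", cert.Subject.Province, province)
	check("Locality", cert.Subject.Locality, locality)
	return out, nil
}

func main() {
	fmt.Println(subjectMismatches(sampleCACert("IN", "Karnataka", "Bengaluru"), "IN", "Karnataka", "Bengaluru"))
}
```

An empty result means the subject carries the configured values; each returned string names one field that does not.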