I am trying to set up a fabric-ca with TLS enabled. Started the server, enrolled the admin with TLS enabled successfully. But when I try to register the user, I'm getting the error:
POST https://peer2:7054/register
{"id":"sound","type":"client","affiliation":"org0.department1","attrs":[{"name":"hf.Revoker","value":"true"},{"name":"admin","value":"true","ecert":true}]}
2019/12/10 07:32:33 [DEBUG] Received response statusCode=403 (403 Forbidden)
Error: Response from server: Error Code: 71 - Authorization failure
https://peer2 - peer2 indicates the host which owns the root certificates mentioned in the admin enroll command.
Can anyone guide me on registering the fabric-ca with TLS enabled?
The command I used for registering user is:
fabric-ca-client register -d --id.name sound --id.affiliation org0.department1 --id.attrs 'hf.Revoker=true,admin=true:ecert' --tls.certfiles /root/bcnetwork/conf/crypto-config/peerOrganizations/org0/peers/peer2.org0/tls/ca.crt --tls.client.certfile /root/bcnetwork/conf/crypto-config/peerOrganizations/org0/peers/peer2.org0/tls/server.crt --tls.client.keyfile /root/bcnetwork/conf/crypto-config/peerOrganizations/org0/peers/peer2.org0/tls/server.key
First, your CA must have TLS_ENABLES=true and the path mapped to the TLS certificates.
Next, in the command you are probably missing --tls true and --clientauth.
I have a CLI running with TLS enabled and a CA with TLS enabled; when I want to register a new user I use these options in the command line, adding keyfile and certfiles too.