Problem with Enabling TLS Certificates #105

Open
bcdebusk opened this issue Aug 18, 2022 · 4 comments

@bcdebusk

When I enable TLS (as per the example):

```
export MICROFAB_CONFIG='{
    "port": 8443,
    "tls": {
        "enabled": true
    }
}'

docker run -p 8443:8443 -e MICROFAB_CONFIG ibmcom/ibp-microfab
```

I get the following startup error(s):

```
[ org1peer] 2022-08-18 17:48:22.030 UTC 0032 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 2.06779ms with error: x509: certificate relies on legacy Common Name field, use SANs instead remoteaddress=127.0.0.1:8443
2022/08/18 17:48:22 http: TLS handshake error from 127.0.0.1:39176: remote error: tls: bad certificate
2022/08/18 17:48:23 http: TLS handshake error from 127.0.0.1:39178: remote error: tls: bad certificate
[ org1peer] 2022-08-18 17:48:23.055 UTC 0033 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 4.131417ms with error: x509: certificate relies on legacy Common Name field, use SANs instead remoteaddress=127.0.0.1:8443
```

Any ideas?

@bcdebusk
Author

bcdebusk commented Sep 2, 2022

Any help here? It's been two weeks.

I'm using out-of-the-box microfab and starting it with an example straight out of the GitHub home page:

```
export MICROFAB_CONFIG='{
    "port": 8443,
    "tls": {
        "enabled": true
    }
}'

docker run -p 8443:8443 -e MICROFAB_CONFIG ibmcom/ibp-microfab
```

... and it doesn't start up.

@mbwhite
Contributor

mbwhite commented Sep 9, 2022

Hello - sorry for the lack of input on this; folks have been busy with the upcoming HGF workshop (which will feature microfab).

This TLS error is related to updated checks on the use of common names vs SAN in the x509 certs, a fix for which has so far eluded me.

Generally, though, microfab is run without TLS as it's aimed at the development end of the use cases. If we can resolve it we will, but at this point I'm not sure what the exact fix is.

@FrancescoPasquaRelatech

I'd like to add that a working TLS implementation would be very helpful in order to use IBM Microfab with the Hyperledger Explorer.

@mbwhite
Contributor

mbwhite commented Dec 13, 2022

@FrancescoPasquaRelatech well it's just good timing that I merged changes yesterday that I hope should enable TLS support...
FYI @bcdebusk - the scripts/test-container.sh shows the TLS being used.

I'd like to get a final release out before we move to Hyperledger Labs - but if you want to rebuild the code locally ahead of time then please do...
