Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching org1...

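Background:

With the multi-host Fabric network deployed, I started looking into fabric-sdk-java, following an expert's tutorial (https://www.cnblogs.com/aberic/archive/2018/01/05/8206551.html). After some struggling, I was finally able to test it. Running the query function threw the following exception: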

Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching org1.example.com found.

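Solution

I generated the certificates manually with fabric-ca, and I configured all of the enroll config files myself. Taking the tls-server-config.yaml file as an example, the hosts section of the csr is as follows: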

csr:
   cn: fabric-ca-tls-server
   names:
      - C: US
        ST: "North Carolina"
        L:
        O: Hyperledger
        OU: Fabric
   hosts:
     - orderer0.example.com
     - orderer1.example.com
     - orderer2.example.com
     - peer0.org1.example.com
     - peer1.org1.example.com
     - peer0.org2.example.com
     - peer1.org2.example.com
     - org1-VirtualBox
     - org2-VirtualBox
     - org3-VirtualBox
     - org4-VirtualBox
     - 192.168.23.100
     - 192.168.23.101
     - 192.168.23.102
     - 192.168.23.103
     - localhost
   ca:
      expiry: 131400h
      pathlength: 1

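Looking closely, org1.example.com and org2.example.com are not configured in hosts. Could it be that, because these two were not added, the TLS certificate runs into problems when communicating with org1 and org2?

Let's try adding them: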

csr:
   cn: fabric-ca-tls-server
   names:
      - C: US
        ST: "North Carolina"
        L:
        O: Hyperledger
        OU: Fabric
   hosts:
     - orderer0.example.com
     - orderer1.example.com
     - orderer2.example.com
     - org1.example.com
     - org2.example.com
     - peer0.org1.example.com
     - peer1.org1.example.com
     - peer0.org2.example.com
     - peer1.org2.example.com
     - org1-VirtualBox
     - org2-VirtualBox
     - org3-VirtualBox
     - org4-VirtualBox
     - 192.168.23.100
     - 192.168.23.101
     - 192.168.23.102
     - 192.168.23.103
     - localhost
   ca:
      expiry: 131400h
      pathlength: 1

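Add org1.example.com and org2.example.com to csr-hosts in all of the config files, then generate the certificates (crypto-config), create the configuration block (channel-artifacts), distribute them to all hosts, and restart the Fabric network.

The result: everything runs normally. Hooray, hooray!

Note: example.com must also be added to hosts; otherwise query and invoke will report: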
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching example.com found.
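
Before redistributing regenerated certificates, each TLS certificate's SAN list can be checked against the names the SDK connects to. The script below is an added example, not part of the original post: the function names are hypothetical, the two SAN lists are constructed (abbreviated from the two csr.hosts variants above), and it assumes OpenSSL 1.1.1 or later and IPv4 addresses only.

```shell
#!/bin/sh
# Added example: check a certificate's SAN entries against the names clients dial.
# Assumes OpenSSL 1.1.1+ (for -addext) and IPv4 addresses only.

# san_missing CERT NAME...  prints every NAME the certificate does not cover
# and returns 1 if at least one is missing, 0 otherwise.
san_missing() {
    cert=$1; shift
    missing=0
    for name in "$@"; do
        case $name in
            *[!0-9.]*) flag=-checkhost ;;  # anything non-numeric is a DNS name
            *)         flag=-checkip ;;    # dotted quad is checked as an IP SAN
        esac
        # openssl prints "... does match certificate" or "... does NOT match ..."
        if ! openssl x509 -in "$cert" -noout "$flag" "$name" | grep -q 'does match'; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}

# make_demo_cert OUT SAN  writes a throwaway self-signed cert to OUT (key: OUT.key).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=fabric-ca-tls-server" -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Constructed SAN lists, abbreviated from the two csr.hosts variants on this page.
SAN_BEFORE="DNS:orderer0.example.com,DNS:peer0.org1.example.com,IP:192.168.23.100"
SAN_AFTER="$SAN_BEFORE,DNS:org1.example.com,DNS:org2.example.com,DNS:example.com"
# Names from the two exceptions, plus two entries that were already covered.
WANTED="org1.example.com example.com peer0.org1.example.com 192.168.23.100"

demo() {
    dir=$(mktemp -d)
    make_demo_cert "$dir/before.pem" "$SAN_BEFORE"
    make_demo_cert "$dir/after.pem" "$SAN_AFTER"
    for c in before after; do
        # $WANTED is intentionally unquoted so it splits into separate names.
        echo "$c: missing -> $(san_missing "$dir/$c.pem" $WANTED | tr '\n' ' ')"
    done
    rm -rf "$dir"
}
demo
```

A SAN entry for peer0.org1.example.com does not cover org1.example.com or example.com; each name the client dials needs its own entry, which is why the "before" certificate reports both as missing.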
