Re: could not accept SSL connection: sslv3 alert bad certificate

Marco Ippolito Thu, 26 Sep 2019 01:11:55 -0700

Hi Adrian,
putting in /fabric/fabric-ca/fabric-ca-server-config.yaml :

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin
password=fabmnet1971 dbname=fabmnetdb sslmode=verify-ca


this is the result:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 09:44:39 [INFO] Configuration file location:
/home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 09:44:39 [INFO] Starting server in home directory:
/home/marco/fabric/fabric-ca
2019/09/26 09:44:39 [INFO] Server Version: 1.4.4
2019/09/26 09:44:39 [INFO] Server Levels: &{Identity:2 Affiliation:1
Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 09:44:39 [INFO] The CA key and certificate already exist
2019/09/26 09:44:39 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 09:44:39 [INFO] The certificate is at:
/home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 09:44:39 [ERROR] Error occurred initializing database: Failed to
create Postgres database: Failed to execute create database query: pq:
permission denied to create database
2019/09/26 09:44:39 [INFO] Home directory for default CA:
/home/marco/fabric/fabric-ca
2019/09/26 09:44:39 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 09:44:39 [INFO] Listening on http://0.0.0.0:7054

and the corresponding log in /var/log/postgresql/postgresql-11-fabmnet.log :

2019-09-26 09:21:11.605 CEST [1132] LOG:  received fast shutdown request
2019-09-26 09:21:11.613 CEST [1132] LOG:  aborting any active transactions
2019-09-26 09:21:11.615 CEST [1132] LOG:  background worker "logical
replication launcher" (PID 1169) exited with exit code 1
2019-09-26 09:21:11.616 CEST [1161] LOG:  shutting down
2019-09-26 09:21:11.643 CEST [1132] LOG:  database system is shut down
2019-09-26 09:21:57.370 CEST [1077] LOG:  listening on IPv6 address "::1",
port 5433
2019-09-26 09:21:57.370 CEST [1077] LOG:  listening on IPv4 address
"127.0.0.1", port 5433
2019-09-26 09:21:57.372 CEST [1077] LOG:  listening on Unix socket
"/var/run/postgresql/.s.PGSQL.5433"
2019-09-26 09:21:57.426 CEST [1124] LOG:  database system was shut down at
2019-09-26 09:21:11 CEST
2019-09-26 09:21:57.446 CEST [1077] LOG:  database system is ready to
accept connections
2019-09-26 09:21:58.040 CEST [1147] [unknown]@[unknown] LOG:  incomplete
startup packet
2019-09-26 09:44:39.374 CEST [2902] fabmnet_admin@fabmnetdb ERROR:
 permission denied to create database
2019-09-26 09:44:39.374 CEST [2902] fabmnet_admin@fabmnetdb STATEMENT:
 CREATE DATABASE fabmnetdb

Putting in /home/marco/fabric/fabric-ca/fabric-ca-serve-config.yaml :

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin
password=fabmnet1971 dbname=fabmnetdb sslmode=require

which, according to
https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database
means: Always SSL (skip verification)
again the same error message:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 10:08:27 [INFO] Configuration file location:
/home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 10:08:27 [INFO] Starting server in home directory:
/home/marco/fabric/fabric-ca
2019/09/26 10:08:27 [INFO] Server Version: 1.4.4
2019/09/26 10:08:27 [INFO] Server Levels: &{Identity:2 Affiliation:1
Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 10:08:27 [INFO] The CA key and certificate already exist
2019/09/26 10:08:27 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 10:08:27 [INFO] The certificate is at:
/home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 10:08:27 [ERROR] Error occurred initializing database: Failed to
create Postgres database: Failed to execute create database query: pq:
permission denied to create database
2019/09/26 10:08:27 [INFO] Home directory for default CA:
/home/marco/fabric/fabric-ca
2019/09/26 10:08:27 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 10:08:27 [INFO] Listening on http://0.0.0.0:7054

and the corresponding portion of the log file:

2019-09-26 10:08:27.947 CEST [3728] fabmnet_admin@fabmnetdb ERROR:
 permission denied to create database
2019-09-26 10:08:27.947 CEST [3728] fabmnet_admin@fabmnetdb STATEMENT:
 CREATE DATABASE fabmnetdb

I do not undertand...

Marco

Il giorno gio 26 set 2019 alle ore 02:07 Adrian Klaver <
adrian.kla...@aklaver.com> ha scritto:

> On 9/25/19 12:34 PM, Marco Ippolito wrote:
> > Following the indications here:
> >
> https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database
> > I'm trying to understand how to correctly set Fabric-CA with a
> > PostgreSQL-11 database in Ubuntu 18.04.02 Server Edition.
> >
>
> > This is the corresponding part in
> > /var/log/postgresql/postgresql-11-fabmnet.log :
> >
> >      2019-09-25 20:51:52.655 CEST [1096] LOG:  listening on IPv6 address
> > "::1",
> >      port 5433
> >      2019-09-25 20:51:52.673 CEST [1096] LOG:  listening on IPv4 address
> >      "127.0.0.1", port 5433
> >      2019-09-25 20:51:52.701 CEST [1096] LOG:  listening on Unix socket
> >      "/var/run/postgresql/.s.PGSQL.5433"
> >      2019-09-25 20:51:52.912 CEST [1171] LOG:  database system was
> > interrupted;
> >       last known up at 2019-09-25 09:50:30 CEST
> >      2019-09-25 20:51:53.001 CEST [1171] LOG:  database system was not
> > properly
> >       shut down; automatic recovery in progress
> >      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo starts at 0/1668238
> >      2019-09-25 20:51:53.011 CEST [1171] LOG:  invalid record length at
> >      0/1668318: wanted 24, got 0
> >      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo done at 0/16682E0
> >      2019-09-25 20:51:53.043 CEST [1096] LOG:  database system is ready
> to
> >      accept connections
> >      2019-09-25 20:51:53.569 CEST [1206] [unknown]@[unknown] LOG:
> >   incomplete
> >      startup packet
> >      2019-09-25 20:56:57.540 CEST [4620] [unknown]@[unknown] LOG:  could
> > not
> >      accept SSL connection: sslv3 alert bad certificate
> >      2019-09-25 20:56:57.543 CEST [4622] [unknown]@[unknown] LOG:  could
> not
> >      accept SSL connection: sslv3 alert bad certificate
> >      2019-09-25 20:56:57.544 CEST [4623] [unknown]@[unknown] LOG:  could
> > not
> >      accept SSL connection: sslv3 alert bad certificate
> >
>
> Aargh, I missed the part above.
>
> What happens if you remove the sslmode=verify-full from the *.yaml file?
>
> >
> >      And this is the db's configuration in (base) marco@pc:~$ nano
> > ./fabric/fabric-ca/fabric-ca-
> >      server-config.yaml :
> >
> >      db:
> >        type: postgres
> >        datasource: host=localhost port=5433 user=fabmnet_admin
> > password=pwd dbname=fabmnetdb
> >      sslmode=verify-full
> >
> >
> > How to correctly set up SSL connection to PostgresSQL-11 db?
> >
> > Looking forward to your kind help
> > Marco
>
>
> --
> Adrian Klaver
> adrian.kla...@aklaver.com
>

Re: could not accept SSL connection: sslv3 alert bad certificate

Reply via email to