[FAB-3121] Improve Intermediate CA error message
When initializing an intermediate CA, it requires
enrolling with a root CA to get the intermediate
CA's signing cert.  If the "-u" option is used
to specify the URL of the root CA, a username
and password must be part of the URL.  If it is
missing, return a better error message.

I also updated the doc to make this clearer.

Change-Id: Ic31a8f6adbd3cacf298bba4f3d85eda13ec0e532
Signed-off-by: Keith Smith <[email protected]>
Keith Smith committed May 17, 2017
1 parent 6deff4b commit 52f09ed
Showing 2 changed files with 16 additions and 3 deletions.
10 changes: 7 additions & 3 deletions docs/source/users-guide.rst
Expand Up @@ -649,9 +649,13 @@ command again.
The ``fabric-ca-server init`` command generates a self-signed CA certificate
unless the ``-u <parent-fabric-ca-server-URL>`` option is specified.
If the ``-u`` is specified, the server's CA certificate is signed by the
parent Fabric CA server. The ``fabric-ca-server init`` command also
generates a default configuration file named **fabric-ca-server-config.yaml**
in the server's home directory.
parent Fabric CA server.
In order to authenticate to the parent Fabric CA server, the URL must
be of the form ``<scheme>://<enrollmentID>:<secret>@<host>:<port>``, where
<enrollmentID> and <secret> correspond to an identity with an 'hf.IntermediateCA'
attribute whose value equals 'true'.
The ``fabric-ca-server init`` command also generates a default configuration
file named **fabric-ca-server-config.yaml** in the server's home directory.

Algorithms and key sizes
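Review bot: In the added sentence, <enrollmentID> and <secret> on the line after the URL form, and 'hf.IntermediateCA' and 'true', are not marked as literals although the URL form itself is; wrap them in double backticks so the RST renders consistently. Because this form places the enrollment secret in the ``-u`` argument, the paragraph should also tell operators that the value ends up wherever the command line is recorded (shell history, process listings), and that an ``http`` scheme sends it to the parent CA in clear text.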

9 changes: 9 additions & 0 deletions lib/clientconfig.go
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package lib

import (
"fmt"
"net/url"

"github.com/hyperledger/fabric-ca/api"
Expand Down Expand Up @@ -54,6 +55,14 @@ func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
c.Enrollment.Secret = secret
purl.User = nil
}
if c.Enrollment.Name == "" {
expecting := fmt.Sprintf(
"%s://<enrollmentID>:<secret>@%s",
purl.Scheme, purl.Host)
return nil, fmt.Errorf(
"The URL of the fabric CA server is missing the enrollment ID and secret;"+
" found '%s' but expecting '%s'", rawurl, expecting)
}
c.Enrollment.CAName = c.CAName
c.URL = purl.String()
c.TLS.Enabled = purl.Scheme == "https"
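Review bot: The new error echoes rawurl verbatim while the guard only tests c.Enrollment.Name == "", so a URL with an empty user but a password (for example https://:secret@host) reaches this branch and the secret is written into the error text, and from there into any log that records it. The block just above sets purl.User = nil when userinfo is present, so format purl.String() in the message instead of rawurl. The message also says the URL is missing "the enrollment ID and secret", yet c.Enrollment.Secret is never checked; either test both fields or reword the message to match. Minor: Go error strings conventionally start lower-case, and the commit touches only the doc and this file, so the new branch has no test covering it.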
