Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18205

Certificate expiration - Permit peer CLI to communicate with orderers with expired TLS certificates

    XMLWordPrintable

Details

    • Unset
    • Unset
    • Unset

    Description

      The peer CLI refuses to communicate with an ordering service node that has an expired TLS certificate; you get the following error message:

      Error: failed to create deliver client for orderer: orderer client failed to connect to n23023e-orderingservicenode1-orderer.mycluster-lon02-b3c4x16-9b9c45345f2a063a838d056f9926539a-0000.eu-gb.containers.appdomain.cloud:443: failed to create new connection: context deadline exceeded
      

      This means that it is extremely difficult to submit a config update that updates the consenter sets with the new TLS certificates in order to resolve the problem.

      There is a timeshift option in the ordering service that allows the ordering service nodes to communicate with each other, but that does not resolve this problem.

      Attachments

        Issue Links

          Activity

            People

              wlahti Will Lahti
              sstone1 Simon Stone
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: