Unable to retrieve TCert from Bluemix

[techteamkyck]

Hi

1. We ran our code with hfc@0.6.0 as Bluemix recommendations. We have enabled the TLS services via the membership.yml, we include this:

tls: certfile: "/var/hyperledger/production/.membersrvc/tlsca.cert" keyfile: "/var/hyperledger/production/.membersrvc/tlsca.priv"

and in core.yml we include this:

pki: eca: paddr: localhost:50051 tca: paddr: localhost:50051 tlsca: paddr: localhost:50051 tls: enabled: true rootcert: file: "/var/hyperledger/production/.membersrvc/tlsca.cert"

2. We deployed the code onto bluemix.

3. We then ran a query operation but we are getting these errors:

   hfc shouldGetTCerts: yes, we have no tcerts +1ms E1102 20:46:27.858910000 123145370996736 handshake.c:128] Security handshake failed: {"created":"@1478090787.858892000","description":"Handshake read failed","file":"../src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1478090787.858890000","description":"EOF","file":"../src/core/lib/iomgr/tcp_posix.c","file_line":235}]} hfc Failed getting a new TCert [Error] +598ms error: [SDK] error on query: {"error":{"code":14,"metadata":{"_internal_repr":{}}},"msg":"Error"} error: { error: { code: 14, metadata: { _internal_repr: {} } },

4. We are not sure why we are not getting tcerts. Where should the tcerts be coming from.

[masterDev1985]

TCerts come from the membership service. However, I don't understand why membersrvc.yml and core.yml are being deployed "onto Bluemix". The Bluemix service gives you a set of 4 peers and a membership service that are already configured. You can't upload new configurations to these peers. I don't think I understand the environment you're describing.

[techteamkyck]

Hi we had issues with handshaking initially. So we read the bluemix sdk help and it told us to change the membership and core ymls to enable tls.

We then deployed the yml files as part of the chaincode deployment to Bluemix blockchain services. But we are still getting the error above.

[ratnakar-asara]

@techteamkyck can you please try again with latest changes from this repository. main differences are :

• Clone this reposiroty , Instead of downloading individual js and vendor.zip files.
• npm install will ensure you to get the latest hfc version.
• Keeping the certificates along with the code instead of downloading pro grammatically which might create some problems (Earlier we saw some issues on windows OS )
• No need to maintain chaincode at some other location, rather copy your custom chaincode under SDK-Demo/src/chaincode folder and configure deploy/invoke/query parameters under confi.json file (if not used chaincode_example02)
• Finally you can deploy your chaincode with this command node helloblockchain.js

[kumar-b5]

I am trying to run this locally using docker with 4 peers. How can I generate ServiceCredentials.json for my local peers ? and what would be the file 0.secure.blockchain.ibm.com.cert contents when running locally ?