"fabric-ca-client enroll" Error - "Failed to insert"

Q

Why am I getting the "Certificate signing failure: Failed to insert record into database: attempt to write a readonly database" error, when running the "fabric-ca-client enroll" command?

✍: FYIcenter.com

A

If the Fabric CA Server is not able to update its database, you will get the "Certificate signing failure: Failed to insert record into database: attempt to write a readonly database" error. Here is how to resolve the error:

1. Go to the Fabric CA Server system, and review its Fabric CA Server directory:

$ cd fabric-ca/native-server
$ ls -l 
-rw-r--r-- 1 fyicenter   843 Apr  1 14:51 IssuerPublicKey
-rw-r--r-- 1 fyicenter   215 Apr  1 14:51 IssuerRevocationPublicKey
-rw-r--r-- 1 fyicenter   786 Apr  1 14:51 ca-cert.pem
-rw-r--r-- 1 fyicenter 19788 Apr  1 14:51 fabric-ca-server-config.yaml
-rw-r--r-- 1 fyicenter 34851 Apr  1 14:51 fabric-ca-server.db
drwxr-xr-x 3 fyicenter  4096 Apr  1 14:51 msp

2. Make sure that you have the write permission for the database file, fabric-ca-server.db.

3. Restart the Fabric CA Server:

$ $GOPATH/bin/fabric-ca-server start -b admin:adminpw
...
[INFO] Home directory for default CA: ./
[INFO] Operation Server Listening on 127.0.0.1:9443
[INFO] Listening on http://0.0.0.0:7054

4. Go to the Fabric CA Client system, and run the enrollment command again. You should see no errors.

$ cd fabric-ca/native-client/admin
$ export FABRIC_CA_CLIENT_HOME=~/fabric-ca/native-client/admin

$ $GOPATH/bin/fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] Stored client certificate at ./msp/signcerts/cert.pem
[INFO] Stored root CA certificate at ./msp/cacerts/localhost-7054.pem
[INFO] Stored Issuer public key at ./msp/IssuerPublicKey
[INFO] Stored Issuer revocation public key at ./msp/IssuerRevocationPublicKey

5. Check the Fabric CA Server log. There is no error this time.

[INFO] signed certificate with serial number 3919587373266598440401873607181...
[INFO] 127.0.0.1:50970 POST /enroll 201 0 "OK"

6. Check the Fabric CA Server home directory. The database file, fabric-ca-server.db, is updated.

-rw-r--r-- 1 fyicenter   843 Apr  1 14:51 IssuerPublicKey
-rw-r--r-- 1 fyicenter   215 Apr  1 14:51 IssuerRevocationPublicKey
-rw-r--r-- 1 fyicenter   786 Apr  1 14:51 ca-cert.pem
-rw-r--r-- 1 fyicenter 19788 Apr  1 14:51 fabric-ca-server-config.yaml
-rw-r--r-- 1 fyicenter 61440 Apr  1 18:06 fabric-ca-server.db
drwxr-xr-x 3 fyicenter  4096 Apr  1 14:51 msp

 

Fabric CA Client Wallet

Enroll Fabric CA Client Admin Identity

Fabric CA (Certificate Authority)

⇑⇑ Hyperledger Tutorials

2019-09-27, 296👍, 0💬