Re: "Failed to connect to Postgres database" : No usage specified for certificate (update)

On 9/30/19 9:21 AM, Marco Ippolito wrote:
> Hi Adrian,
> important update.
>
> After adding in fabric-ca-server-config.yaml
>
> ca:
>   # Name of this CA
>   name: fabric_ca
>   # Key file (is only used to import a private key into BCCSP)
>   keyfile: /etc/ssl/private/fabric_ca.key
>   # Certificate file (default: ca-cert.pem)
>   certfile: /etc/ssl/certs/fabric_ca.pem
>   # Chain file
>   chainfile:
>
> Now I get this message:
>
> (base) marco(at)pc:~/fabric/fabric-ca$ fabric-ca-server init -b admin:adminpw
> 2019/09/30 18:10:41 [INFO] Configuration file location:
> /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
> 2019/09/30 18:10:41 [INFO] Server Version: 1.4.4
> 2019/09/30 18:10:41 [INFO] Server Levels: &{Identity:2 Affiliation:1
> Certificate:1 Credential:1 RAInfo:1 Nonce:1}
> 2019/09/30 18:10:41 [INFO] The CA key and certificate files already exist
> 2019/09/30 18:10:41 [INFO] Key file location: /etc/ssl/private/fabric_ca.key
> 2019/09/30 18:10:41 [INFO] Certificate file location:
> /etc/ssl/certs/fabric_ca.pem
> 2019/09/30 18:10:41 [FATAL] Initialization failure: Validation of
> certificate and key failed: Invalid certificate in file
> '/etc/ssl/certs/fabric_ca.pem': No usage specified for certificate
>
> This is the start of /etc/ssl/certs/fabric_ca.pem:
>
> -----BEGIN CERTIFICATE-----
> MIIDlTCCAn2gAwIBAgIUCm243lybs0PNfAEdgbuw0chmjWkwDQYJKoZIhvcNAQEL
>
> and this is its end:
> xNItFJulgsA1
> -----END CERTIFICATE-----
>
> What does it mean "No usage specified for certificate" ?
>

I have no idea. Per my post upstream I would test your Postgres setup
first without bringing in the fabric server:

psql "host=localhost port=5433 dbname=fabmnet_ca user=postgres
sslmode=require"

Changing sslmode to whatever you need.

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com