fix: resolve malformed serial number in certificate renewal #1181

Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
2026-06-17 15:35:09 +00:00 · 2026-04-19 16:13:25 +05:30 · 2026-04-19 16:13:25 +05:30 · c5f953ba88
commit c5f953ba88
parent bf7e75c6c1
54 changed files with 135 additions and 53 deletions
--- a/test-network/addOrg3/addOrg3.sh
+++ b/test-network/addOrg3/addOrg3.sh
@ -281,4 +281,4 @@ elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts
 else
  printHelp
  exit 1
-fi
+fi
--- a/test-network/addOrg3/ccp-generate.sh
+++ b/test-network/addOrg3/ccp-generate.sh
@ -33,4 +33,4 @@ PEERPEM=../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.exa
 CAPEM=../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem

 echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.json
-echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
+echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
--- a/test-network/addOrg3/ccp-template.yaml
+++ b/test-network/addOrg3/ccp-template.yaml
@ -32,4 +32,4 @@ certificateAuthorities:
        - |
          ${CAPEM}
    httpOptions:
-      verify: false
+      verify: false
--- a/test-network/addOrg3/compose/compose-ca-org3.yaml
+++ b/test-network/addOrg3/compose/compose-ca-org3.yaml
@ -22,4 +22,4 @@ services:
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
-    container_name: ca_org3
+    container_name: ca_org3
--- a/test-network/addOrg3/compose/compose-couch-org3.yaml
+++ b/test-network/addOrg3/compose/compose-couch-org3.yaml
@ -37,4 +37,4 @@ services:
    depends_on:
      - couchdb4
    networks:
-      - test
+      - test
--- a/test-network/addOrg3/compose/compose-org3.yaml
+++ b/test-network/addOrg3/compose/compose-org3.yaml
@ -48,4 +48,4 @@ services:
    ports:
      - 11051:11051
    networks:
-      - test
+      - test
--- a/test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml
+++ b/test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml
@ -1,4 +1,4 @@
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
-#
+#
--- a/test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml
+++ b/test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml
@ -1,4 +1,4 @@
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
-#
+#
--- a/test-network/addOrg3/compose/docker/docker-compose-org3.yaml
+++ b/test-network/addOrg3/compose/docker/docker-compose-org3.yaml
@ -19,4 +19,4 @@ services:
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock
--- a/test-network/addOrg3/compose/docker/peercfg/core.yaml
+++ b/test-network/addOrg3/compose/docker/peercfg/core.yaml
@ -774,4 +774,4 @@ metrics:
        writeInterval: 10s

        # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:
--- a/test-network/addOrg3/compose/podman/peercfg/core.yaml
+++ b/test-network/addOrg3/compose/podman/peercfg/core.yaml
@ -774,4 +774,4 @@ metrics:
        writeInterval: 10s

        # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:
--- a/test-network/addOrg3/compose/podman/podman-compose-ca-org3.yaml
+++ b/test-network/addOrg3/compose/podman/podman-compose-ca-org3.yaml
@ -22,4 +22,4 @@ services:
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
-    container_name: ca_org3
+    container_name: ca_org3
--- a/test-network/addOrg3/compose/podman/podman-compose-couch-org3.yaml
+++ b/test-network/addOrg3/compose/podman/podman-compose-couch-org3.yaml
@ -37,4 +37,4 @@ services:
    depends_on:
      - couchdb4
    networks:
-      - test
+      - test
--- a/test-network/addOrg3/compose/podman/podman-compose-org3.yaml
+++ b/test-network/addOrg3/compose/podman/podman-compose-org3.yaml
@ -46,4 +46,4 @@ services:
    ports:
      - 11051:11051
    networks:
-      - test
+      - test
--- a/test-network/addOrg3/configtx.yaml
+++ b/test-network/addOrg3/configtx.yaml
@ -35,4 +35,4 @@ Organizations:
                Rule: "OR('Org3MSP.admin')"
            Endorsement:
                Type: Signature
-                Rule: "OR('Org3MSP.peer')"
+                Rule: "OR('Org3MSP.peer')"
--- a/test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml
+++ b/test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml
@ -405,4 +405,4 @@ intermediate:
    certfiles:
    client:
      certfile:
-      keyfile:
+      keyfile:
--- a/test-network/addOrg3/fabric-ca/registerEnroll.sh
+++ b/test-network/addOrg3/fabric-ca/registerEnroll.sh
@ -84,4 +84,4 @@ function createOrg3 {
  { set +x; } 2>/dev/null

  cp "${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml" "${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml"
-}
+}
--- a/test-network/addOrg3/org3-crypto.yaml
+++ b/test-network/addOrg3/org3-crypto.yaml
@ -18,4 +18,4 @@ PeerOrgs:
      SANS:
        - localhost
    Users:
-      Count: 1
+      Count: 1
--- a/test-network/compose/compose-bft-test-net.yaml
+++ b/test-network/compose/compose-bft-test-net.yaml
@ -259,4 +259,4 @@ services:
      - 9051:9051
      - 9445:9445
    networks:
-      - test
+      - test
--- a/test-network/compose/compose-ca.yaml
+++ b/test-network/compose/compose-ca.yaml
@ -67,4 +67,4 @@ services:
      - ../organizations/fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server
    container_name: ca_orderer
    networks:
-      - test
+      - test
--- a/test-network/compose/compose-couch.yaml
+++ b/test-network/compose/compose-couch.yaml
@ -64,4 +64,4 @@ services:
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
    depends_on:
-      - couchdb1
+      - couchdb1
--- a/test-network/compose/compose-test-net.yaml
+++ b/test-network/compose/compose-test-net.yaml
@ -132,4 +132,4 @@ services:
      - 9051:9051
      - 9445:9445
    networks:
-      - test
+      - test
--- a/test-network/compose/docker/docker-compose-bft-test-net.yaml
+++ b/test-network/compose/docker/docker-compose-bft-test-net.yaml
@ -28,4 +28,4 @@ services:
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock
--- a/test-network/compose/docker/docker-compose-test-net.yaml
+++ b/test-network/compose/docker/docker-compose-test-net.yaml
@ -28,4 +28,4 @@ services:
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock
--- a/test-network/compose/docker/peercfg/core.yaml
+++ b/test-network/compose/docker/peercfg/core.yaml
@ -774,4 +774,4 @@ metrics:
        writeInterval: 10s

        # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:
--- a/test-network/compose/podman/peercfg/core.yaml
+++ b/test-network/compose/podman/peercfg/core.yaml
@ -774,4 +774,4 @@ metrics:
        writeInterval: 10s

        # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:
--- a/test-network/compose/podman/podman-compose-test-net.yaml
+++ b/test-network/compose/podman/podman-compose-test-net.yaml
@ -11,4 +11,3 @@ services:
  peer0.org2.example.com:
    volumes:
      - ./podman/peercfg:/etc/hyperledger/peercfg
-
--- a/test-network/configtx/configtx.yaml
+++ b/test-network/configtx/configtx.yaml
@ -276,4 +276,4 @@ Profiles:
      Organizations:
        - *Org1
        - *Org2
-      Capabilities: *ApplicationCapabilities
+      Capabilities: *ApplicationCapabilities
--- a/test-network/monitordocker.sh
+++ b/test-network/monitordocker.sh
@ -30,4 +30,4 @@ docker run -d --rm --name="logspout" \
 	--network  ${DOCKER_NETWORK} \
 	gliderlabs/logspout
 sleep 3
-curl http://127.0.0.1:${PORT}/logs
+curl http://127.0.0.1:${PORT}/logs
--- a/test-network/network.config
+++ b/test-network/network.config
@ -55,4 +55,3 @@ CC_INVOKE_CONSTRUCTOR=''{\"Args\":[\"InitLedger\"]}''
 # Default constructor for testing a chaincode query (-cciq)
 CC_QUERY_CONSTRUCTOR=''{\"Args\":[\"GetAllAssets\"]}''

-
--- a/test-network/network.sh
+++ b/test-network/network.sh
@ -678,7 +678,10 @@ elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "invoke" ]; then
  invokeChaincode
 elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "query" ]; then
  queryChaincode
+elif [ "$MODE" == "renew" ]; then
+  infoln "Renewing certificates"
+  ./scripts/renewCerts.sh
 else
  printHelp
  exit 1
-fi
+fi
--- a/test-network/organizations/ccp-generate.sh
+++ b/test-network/organizations/ccp-generate.sh
@ -42,4 +42,4 @@ PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.exampl
 CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem

 echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
-echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml
+echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml
--- a/test-network/organizations/ccp-template.yaml
+++ b/test-network/organizations/ccp-template.yaml
@ -32,4 +32,4 @@ certificateAuthorities:
        - |
          ${CAPEM}
    httpOptions:
-      verify: false
+      verify: false
--- a/test-network/organizations/cfssl/registerEnroll.sh
+++ b/test-network/organizations/cfssl/registerEnroll.sh
@ -273,4 +273,4 @@ function generate_orderer_certs() {
    mv "$CERT_DIR/orderers/$USER/tls/server.pem" "$CERT_DIR/orderers/$USER/tls/server.crt"
    mv "$CERT_DIR/orderers/$USER/tls/server-key.pem" "$CERT_DIR/orderers/$USER/tls/server.key"
    rm "$PWD/organizations/cfssl/orderer-${USER}.json"
-}
+}
--- a/test-network/organizations/cryptogen/crypto-config-org1.yaml
+++ b/test-network/organizations/cryptogen/crypto-config-org1.yaml
@ -58,4 +58,4 @@ PeerOrgs:
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
-      Count: 1
+      Count: 1
--- a/test-network/organizations/cryptogen/crypto-config-org2.yaml
+++ b/test-network/organizations/cryptogen/crypto-config-org2.yaml
@ -58,4 +58,4 @@ PeerOrgs:
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
-      Count: 1
+      Count: 1
--- a/test-network/organizations/fabric-ca/ordererOrg/fabric-ca-server-config.yaml
+++ b/test-network/organizations/fabric-ca/ordererOrg/fabric-ca-server-config.yaml
@ -403,4 +403,4 @@ intermediate:
    certfiles:
    client:
      certfile:
-      keyfile:
+      keyfile:
--- a/test-network/organizations/fabric-ca/org1/fabric-ca-server-config.yaml
+++ b/test-network/organizations/fabric-ca/org1/fabric-ca-server-config.yaml
@ -403,4 +403,4 @@ intermediate:
    certfiles:
    client:
      certfile:
-      keyfile:
+      keyfile:
--- a/test-network/organizations/fabric-ca/org2/fabric-ca-server-config.yaml
+++ b/test-network/organizations/fabric-ca/org2/fabric-ca-server-config.yaml
@ -403,4 +403,4 @@ intermediate:
    certfiles:
    client:
      certfile:
-      keyfile:
+      keyfile:
--- a/test-network/organizations/fabric-ca/registerEnroll.sh
+++ b/test-network/organizations/fabric-ca/registerEnroll.sh
@ -251,4 +251,4 @@ function createOrderer() {
  { set +x; } 2>/dev/null

  cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"
-}
+}
--- a/test-network/prometheus-grafana/docker-compose.yaml
+++ b/test-network/prometheus-grafana/docker-compose.yaml
@ -63,4 +63,4 @@ services:
 networks:
  default:
    external: true
-    name: fabric_test
+    name: fabric_test
--- a/test-network/scripts/configUpdate.sh
+++ b/test-network/scripts/configUpdate.sh
@ -67,4 +67,4 @@ signConfigtxAsPeerOrg() {
  set -x
  peer channel signconfigtx -f "${CONFIGTXFILE}"
  { set +x; } 2>/dev/null
-}
+}
--- a/test-network/scripts/createChannel.sh
+++ b/test-network/scripts/createChannel.sh
@ -124,4 +124,4 @@ setAnchorPeer 1
 infoln "Setting anchor peer for org2..."
 setAnchorPeer 2

-successln "Channel '$CHANNEL_NAME' joined"
+successln "Channel '$CHANNEL_NAME' joined"
--- a/test-network/scripts/deployCC.sh
+++ b/test-network/scripts/deployCC.sh
@ -115,4 +115,4 @@ else
  chaincodeInvokeInit 1 2
 fi

-exit 0
+exit 0
--- a/test-network/scripts/deployCCAAS.sh
+++ b/test-network/scripts/deployCCAAS.sh
@ -220,4 +220,4 @@ else
  chaincodeInvokeInit 1 2
 fi

-exit 0
+exit 0
--- a/test-network/scripts/envVar.sh
+++ b/test-network/scripts/envVar.sh
@ -86,4 +86,4 @@ verifyResult() {
  if [ $1 -ne 0 ]; then
    fatalln "$2"
  fi
-}
+}
--- a/test-network/scripts/org3-scripts/joinChannel.sh
+++ b/test-network/scripts/org3-scripts/joinChannel.sh
@ -73,4 +73,4 @@ infoln "Setting anchor peer for org3..."
 setAnchorPeer 3

 successln "Channel '$CHANNEL_NAME' joined"
-successln "Org3 peer successfully added to network"
+successln "Org3 peer successfully added to network"
--- a/test-network/scripts/org3-scripts/updateChannelConfig.sh
+++ b/test-network/scripts/org3-scripts/updateChannelConfig.sh
@ -53,4 +53,4 @@ set -x
 peer channel update -f ${TEST_NETWORK_HOME}/channel-artifacts/org3_update_in_envelope.pb -c ${CHANNEL_NAME} -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA"
 { set +x; } 2>/dev/null

-successln "Config transaction to add org3 to network submitted"
+successln "Config transaction to add org3 to network submitted"
--- a/test-network/scripts/packageCC.sh
+++ b/test-network/scripts/packageCC.sh
@ -98,4 +98,4 @@ packageChaincode() {
 ## package the chaincode
 packageChaincode

-exit 0
+exit 0
--- a/test-network/scripts/pkgcc.sh
+++ b/test-network/scripts/pkgcc.sh
@ -104,4 +104,4 @@ tar -C "$tempdir/pkg" -czf "$label.tgz" metadata.json code.tar.gz
 rm -Rf "$tempdir"

 packageid="${label}:$(shasum -a 256 audit-trail.tgz | cut -d ' ' -f1)"
-echo ${packageid}
+echo ${packageid}
--- a/test-network/scripts/renewCerts.sh
+++ b/test-network/scripts/renewCerts.sh
@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Copyright IBM Corp All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This script is used to renew certificates in the test network.
+# It re-enrolls the identities using the Fabric CA.
+
+. scripts/utils.sh
+
+function renewOrg1() {
+  infoln "Renewing Org1 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
+
+  # Remove existing MSP and TLS - this is important to avoid 'malformed serial number'
+  # and other parsing errors when fabric-ca-client tries to use old certs for auth.
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  # Re-enroll everything
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg1
+}
+
+function renewOrg2() {
+  infoln "Renewing Org2 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg2
+}
+
+function renewOrderer() {
+  infoln "Renewing Orderer certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/orderers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrderer
+}
+
+# Check if CAs are running
+if [ $(docker ps -q --filter name=ca_org1 --filter status=running | wc -l) -eq 0 ]; then
+  fatalln "Fabric CAs must be running to renew certificates. Please run './network.sh up -ca' first."
+fi
+
+renewOrg1
+renewOrg2
+renewOrderer
+
+infoln "Certificates renewed successfully. You may need to restart your network nodes (peer/orderer) to pick up the new certificates."
--- a/test-network/scripts/setAnchorPeer.sh
+++ b/test-network/scripts/setAnchorPeer.sh
@ -64,4 +64,4 @@ setGlobals $ORG

 createAnchorPeerUpdate 

-updateAnchorPeer 
+updateAnchorPeer 
--- a/test-network/scripts/utils.sh
+++ b/test-network/scripts/utils.sh
@ -143,8 +143,15 @@ function printHelp() {
    println "   network.sh cc invoke -c channel1 -ccic '{\"Args\":[\"CreateAsset\",\"asset1\",\"red\",\"10\",\"fred\",\"500\"]}'"
    println "   network.sh cc query -c channel1 -ccqc '{\"Args\":[\"ReadAsset\",\"asset1\"]}'"
    println
+    println
    println " NOTE: Default settings can be changed in network.config"
    println
+  elif [ "$USAGE" == "renew" ]; then
+    println "Usage: "
+    println "  network.sh \033[0;32mrenew\033[0m"
+    println
+    println "    Example:"
+    println "      network.sh renew"
  else
    println "Usage: "
    println "  network.sh <Mode> [Flags]"
@ -156,6 +163,7 @@ function printHelp() {
    println "      \033[0;32mdeployCC\033[0m - Deploy a chaincode to a channel (defaults to asset-transfer-basic)"
    println "      \033[0;32mcc\033[0m - chaincode functions, use \"network.sh cc -h\" for options"
    println "      \033[0;32mdown\033[0m - Bring down the network"
+    println "      \033[0;32mrenew\033[0m - Renew certificates for the network"
    println
    println "    Flags:"
    println "    Used with \033[0;32mnetwork.sh prereq\033[0m"
@ -262,4 +270,4 @@ function fatalln() {
 export -f errorln
 export -f successln
 export -f infoln
-export -f warnln
+export -f warnln
--- a/test-network/setOrgEnv.sh
+++ b/test-network/setOrgEnv.sh
@ -56,4 +56,4 @@ echo "CORE_PEER_MSPCONFIGPATH=${CORE_PEER_MSPCONFIGPATH}"
 echo "CORE_PEER_ADDRESS=${CORE_PEER_ADDRESS}"
 echo "CORE_PEER_TLS_ROOTCERT_FILE=${CORE_PEER_TLS_ROOTCERT_FILE}"

-echo "CORE_PEER_LOCALMSPID=${CORE_PEER_LOCALMSPID}"
+echo "CORE_PEER_LOCALMSPID=${CORE_PEER_LOCALMSPID}"