3

We get this error whenever we try to run fabric-ca-client. Example below:

    # fabric-ca-client register --url https://ica-org:7054 --id.name user-org --id.affiliation=org
    2019/03/19 20:18:07 [INFO] Configuration file location: /home/fabric-ca-client-config.yaml
    2019/03/19 20:18:07 [INFO] TLS Enabled
    2019/03/19 20:18:07 [ERROR] Enrollment check failed: Idemix enrollment information does not exist
    Error: Enrollment information does not exist. Please execute enroll command first. Example: fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort

How can we fix this?

3 Answers 3

5

This happens when fabric-ca-client cannot find any X509 or Idemix identity. fabric-ca-client needs to be initialized with an identity (except when it's being used to enroll a user). It first tries to load an X509 identity from the mspdir location specified in the fabric-ca-client-config.yaml file or the -M command line argument, which takes precedence over mspdir in the config file. If it's not able to find an X509 identity, it will look for an Idemix identity. If this fails as well, it displays the error in question.

For X509 identity:

  • its public cert needs to be in signcerts
  • and private key needs to be in keystore
  • and the public cert of the authority who issued the public/private keypair needs to be in cacerts folder (if an intermediate ca was used then its cert needs to be in intermediatecerts)

All the folders above are under the mspdir.
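
A pre-flight check for the layout this answer describes, as an added example that is not part of the original answer or of Fabric CA itself. `check_msp_dir` and `has_file` are hypothetical helper names, the path passed in is whatever mspdir or -M resolves to, and the script only checks that files are present, not that they are valid certificates or keys.

```shell
#!/usr/bin/env bash
# Added example: check the MSP directory that fabric-ca-client loads its
# X509 identity from. Prints one line per problem and returns the number
# of problems found (0 means the layout is complete).

# has_file DIR: succeeds if DIR contains at least one regular file.
has_file() {
    local f
    for f in "$1"/*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# check_msp_dir MSPDIR: MSPDIR is the value of -M or of mspdir in the config.
check_msp_dir() {
    local msp="$1" problems=0
    if [ ! -d "$msp" ]; then
        echo "mspdir does not exist: $msp"
        return 1
    fi
    has_file "$msp/signcerts" || {
        echo "no public cert in $msp/signcerts"; problems=$((problems + 1)); }
    has_file "$msp/keystore" || {
        echo "no private key in $msp/keystore"; problems=$((problems + 1)); }
    has_file "$msp/cacerts" || {
        echo "no issuing CA cert in $msp/cacerts"; problems=$((problems + 1)); }
    # intermediatecerts is only required when an intermediate CA issued the
    # identity, so flag it only when the folder exists but holds no cert.
    if [ -d "$msp/intermediatecerts" ] && ! has_file "$msp/intermediatecerts"; then
        echo "empty $msp/intermediatecerts"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: a throwaway mspdir with only signcerts populated.
demo=$(mktemp -d)
mkdir -p "$demo/msp/signcerts" "$demo/msp/keystore" "$demo/msp/cacerts"
: > "$demo/msp/signcerts/cert.pem"   # empty placeholder, not a real cert
check_msp_dir "$demo/msp" || echo "-> $? problem(s) found"
rm -rf "$demo"
```

A result of 0 only rules out the missing-file case for the X509 identity; the Idemix fallback mentioned in the answer is not checked.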

1

Solution 1: A potential cause: if the folder indicated by FABRIC_CA_CLIENT_HOME is not created, you'll get that error. You have to check if FABRIC_CA_CLIENT_HOME points to an existing folder. This also happens when indicating a wrong MSP path, e.g.:

    fabric-ca-client gencrl -M ~/wrong_path

Solution 2:

Resolution to issue fabric-ca-client identity list command is as follows:

  1. start the network with the CA option

    ./network.sh up -ca
    
  2. after the network is up, navigate to (assumes you are already in the test-network directory):

    cd organizations/peerOrganizations/org1.example.com
    
  3. export cert path using this command:

    export FABRIC_CA_CLIENT_TLS_CERTFILES=$PWD/ca/ca.org1.example.com-cert.pem
    
  4. export fabric-ca-client home using this command:

    export FABRIC_CA_CLIENT_HOME=$PWD
    
  5. issue the following command:

    fabric-ca-client identity list
    
0

Since you use TLS, you should be using the --tls.certfiles flag or set the FABRIC_CA_CLIENT_TLS_CERTFILES environment variable when using the fabric-ca-client command. This should hold the full path to your organisation's TLS certificate.
