Following the indications here: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database I'm trying to understand how to correctly set Fabric-CA with a PostgreSQL-11 database in Ubuntu 18.04.02 Server Edition.
I created a postgresql-11 db to which I can connect with SSL: (base) marco@pc:~$ psql --cluster 11/fabmnet -h 127.0.0.1 -d fabmnetdb -U fabmnet_admin Password for user fabmnet_admin: psql (11.5 (Ubuntu 11.5-1.pgdg18.04+1)) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. fabmnetdb=> \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+---------------+----------+---------+---------+----------------------- fabmnetdb | fabmnet_admin | UTF8 | C.UTF-8 | C.UTF-8 | postgres | postgres | UTF8 | C.UTF-8 | C.UTF-8 | template0 | postgres | UTF8 | C.UTF-8 | C.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | C.UTF-8 | C.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres (4 rows) fabmnetdb=> but when trying to start a fabric-ca-server : (base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw 2019/09/25 20:56:57 [INFO] Configuration file location: /home/marco/fabric /fabric-ca/fabric-ca-server-config.yaml 2019/09/25 20:56:57 [INFO] Starting server in home directory: /home/marco /fabric/fabric-ca 2019/09/25 20:56:57 [INFO] Server Version: 1.4.4 2019/09/25 20:56:57 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2019/09/25 20:56:57 [INFO] The CA key and certificate already exist 2019/09/25 20:56:57 [INFO] The key is stored by BCCSP provider 'SW' 2019/09/25 20:56:57 [INFO] The certificate is at: /home/marco/fabric /fabric-ca/ca-cert.pem 2019/09/25 20:56:57 [WARNING] Failed to connect to database 'fabmnetdb' 2019/09/25 20:56:57 [WARNING] Failed to connect to database 'postgres' 2019/09/25 20:56:57 [WARNING] Failed to connect to database 'template1' 2019/09/25 20:56:57 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing 2019/09/25 20:56:57 [INFO] Home directory for default CA: /home/marco /fabric/fabric-ca 2019/09/25 20:56:57 [INFO] Operation Server Listening on 127.0.0.1:9443 2019/09/25 20:56:57 [INFO] Listening on http://0.0.0.0:7054 This is the corresponding part in /var/log/postgresql/postgresql-11-fabmnet.log : 2019-09-25 20:51:52.655 CEST [1096] LOG: listening on IPv6 address "::1", port 5433 2019-09-25 20:51:52.673 CEST [1096] LOG: listening on IPv4 address "127.0.0.1", port 5433 2019-09-25 20:51:52.701 CEST [1096] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5433" 2019-09-25 20:51:52.912 CEST [1171] LOG: database system was interrupted; last known up at 2019-09-25 09:50:30 CEST 2019-09-25 20:51:53.001 CEST [1171] LOG: database system was not properly shut down; automatic recovery in progress 2019-09-25 20:51:53.011 CEST [1171] LOG: redo starts at 0/1668238 2019-09-25 20:51:53.011 CEST [1171] LOG: invalid record length at 0/1668318: wanted 24, got 0 2019-09-25 20:51:53.011 CEST [1171] LOG: redo done at 0/16682E0 2019-09-25 20:51:53.043 CEST [1096] LOG: database system is ready to accept connections 2019-09-25 20:51:53.569 CEST [1206] [unknown]@[unknown] LOG: incomplete startup packet 2019-09-25 20:56:57.540 CEST [4620] [unknown]@[unknown] LOG: could not accept SSL connection: sslv3 alert bad certificate 2019-09-25 20:56:57.543 CEST [4622] [unknown]@[unknown] LOG: could not accept SSL connection: sslv3 alert bad certificate 2019-09-25 20:56:57.544 CEST [4623] [unknown]@[unknown] LOG: could not accept SSL connection: sslv3 alert bad certificate This is how I set the pg_hba.conf file in the fabmnet postgresql cluster : (base) marco@pc:~$ sudo -su postgres (base) postgres@pc:~$ nano /etc/postgresql/11/fabmnet/pg_hba.conf Unable to create directory /home/marco/.local/share/nano/: Permission denied It is required for saving/loading search history or cursor positions. Press Enter to continue # TYPE DATABASE USER ADDRESS METHOD # Database administrative login by Unix domain socket local all postgres peer # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # Allow connections from 10.1.2.0/24 subnet only to fabric_ca_db for fabric_ca_user hostssl fabmnetdb fabmnet_admin 10.1.2.0/24 cert # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5 And this is the db's configuration in (base) marco@pc:~$ nano ./fabric/fabric-ca/fabric-ca- server-config.yaml : db: type: postgres datasource: host=localhost port=5433 user=fabmnet_admin password=pwd dbname=fabmnetdb sslmode=verify-full How to correctly set up SSL connection to PostgresSQL-11 db? Looking forward to your kind help Marco