Hi,
I’ve been doing some testing using Ethereum’s testnet chain but can’t get past this error. In the validator on the homepage https://www.blockcerts.org/, I get an Error: Unable to get issuer profile while it’s parsing issuer keys.
Does someone know what it’s checking for in this spot?
I’m not too sure what the issuer publicKey format is for ethereum so I have it as 0xC1DB…252 (the same as my issuing address) right now. I also have the issuer id hosted, with an identical format to https://www.blockcerts.org/samples/2.0/issuer-testnet.json. I figured if something was wrong it would be involving those but don’t know what’s wrong.
Not sure if you want to provide the certificate and issuer hosted json url, but that might help us debug with you.
Here’s an example of an ethereum testnet json if you’re curious. It sounds like your public key format is okay though. https://github.com/AnthonyRonning/https-github.com-labnol-files/blob/master/issuer-eth.json
Yeah, unfortunately I don’t think I should be giving out the hosted url.
Thanks for posting the ethereum example though, my issuer id looks like it’s okay. It’s missing the introductionURL but I’m assuming that’s not needed. I’m also using the create_issuer script found in cert_tools to generate the json if that helps.
Do you mind going through the steps for issuing the certificate? I realized that mine is never actually entering the signed_certificates directory and going straight into blockchain_certificates. The command i’m using is just python cert_issuer -c conf.ini.
I think that’s the directory they should go to. If there was mention of a “signed_certificates” directory, that may have changed? You can verify if you have transaction details added to the bottom of your certificates from blockchain_certificates.
It’s possible that your hosted URL is refusing connections from blockcerts.org. Pull up the network tab in whatever browser you are using and check any URL’s that it tries to resolve. See if any errors come from that, and verify that it’s the correct URL.
You could also verify that your certificates look similar to those in our cert-verifier-js project. We have a test directory in there, with some ethereum testnet and mainnet certs. Additionally, you could try that project out for verifying your certificates if there is some issue resolving the URL from blockcerts.org.
Oh okay thanks,
I checked the network connections and it looks okay. The verifier on blockcerts.org stopped working for me so I started using the cert-verifier python library with these results.
ERROR:root:Verification step VerificationGroup failed!
ERROR:root:Verification step VerificationGroup failed!
Checking certificate has not been tampered with,passed
Checking certificate has not expired,passed
Checking not revoked by issuer,passed
Checking authenticity,failed
Validation,failed
[{‘name’: ‘Checking certificate has not been tampered with’, ‘status’: ‘passed’}, {‘name’: ‘Checking certificate has not expired’, ‘status’: ‘passed’}, {‘name’: ‘Checking not revoked by issuer’, ‘status’: ‘passed’}, {‘name’: ‘Checking authenticity’, ‘status’: ‘failed’}, {‘name’: ‘Validation’, ‘status’: ‘failed’}]
I noticed the eth_ropsten.json test certificate had signature lines. I took those out since I saw they weren’t needed and didn’t know what to set them to. Could that be the problem and if so what should those fields be?
Hmm. So there’s signature (which is set by cert-issuer) and signatureLines, which is sort of metadata about the signer. This may or may not be a required field for verification, I’d try leaving it in there and doing a testnet issuance again, just to narrow down if that’s the problem or not.
Edit:
There seems to be several things that part checks. Created, expired, revoked for the issuer keys from the issuer profile. Usually blockcerts.org says something like “transaction occurred when issuer keys were not valid” if something funky is happening with dates, but check to make sure you’re created field is before your transaction date.
Figured it out,
The verifier on Blockcerts.org wasn’t working due to a CORS not being enabled on my hosting site. When i used cert_verifier, the verification failed but after some debugging, it turned out that the uppercase characters in the public key (on my hosted issuer id file) weren’t matching with the public key in the certificate, which was parsed as all lowercase. I thought I read this was fixed somewhere but i guess not for this library?
Anyways, thanks for the help!
1 Like
Oh man, I think you’re right, let me open up a ticket with cert-verifier to apply the same uppercase issue there too.
2 Likes