github.com/49746628/fabric-ca-gm@v2.0.0-alpha.0.20200822143404-8a07eefa7452+incompatible/testdata/ca/intermediateca/ca2/fabric-ca-server-config.yaml (about) 1 # 2 # Copyright IBM Corp. All Rights Reserved. 3 # 4 # SPDX-License-Identifier: Apache-2.0 5 # 6 ############################################################################# 7 # The CA section contains information specific to this Certificate Authority. 8 # Minimally, the name must be unique for all CAs serviced by the same server. 9 # Additionally, you may specify any of the settings that are defined in the 10 # server's configuration file to override them with a value specific for this CA. 11 # For example, you should provide a different username and password for the 12 # bootstrap identity as found in the "identities" subsection of the "registry" section. 13 14 # See the server's configuration file for comments on all settings. 15 # All settings pertaining to the server's listening endpoint are by definition 16 # server-specific and so will be ignored in a CA configuration file. 17 ############################################################################# 18 ca: 19 # Name of this CA 20 name: ca2 21 # Key file (default: ca-key.pem) 22 keyfile: ca-key.pem 23 # Certificate file (default: ca-cert.pem) 24 certfile: ca-cert.pem 25 # Chain file (default: chain-cert.pem) 26 chainfile: ca-chain.pem 27 28 ############################################################################# 29 # The registry section controls how the fabric-ca-server does two things: 30 # 1) authenticates enrollment requests which contain a username and password 31 # (also known as an enrollment ID and secret). 32 # 2) once authenticated, retrieves the identity's attribute names and values. 33 # These attributes are useful for making access control decisions in 34 # chaincode. 35 # There are two main configuration options: 36 # 1) The fabric-ca-server is the registry 37 # 2) An LDAP server is the registry, in which case the fabric-ca-server 38 # calls the LDAP server to perform these tasks. 39 ############################################################################# 40 registry: 41 # Maximum number of times a password/secret can be reused for enrollment 42 # (default: -1, which means there is no limit) 43 maxEnrollments: -1 44 45 # Contains user information which is used when LDAP is disabled 46 identities: 47 - name: adminca2 48 pass: adminca2pw 49 type: client 50 affiliation: "" 51 attrs: 52 hf.Registrar.Roles: "client,user,peer,validator,auditor,ca" 53 hf.Registrar.DelegateRoles: "client,user,validator,auditor" 54 hf.Revoker: true 55 hf.IntermediateCA: true 56 57 ############################################################################# 58 # Database section 59 # Supported types are: "sqlite3", "postgres", and "mysql". 60 # The datasource value depends on the type. 61 # If the type is "sqlite3", the datasource value is a file name to use 62 # as the database store. Since "sqlite3" is an embedded database, it 63 # may not be used if you want to run the fabric-ca-server in a cluster. 64 # To run the fabric-ca-server in a cluster, you must choose "postgres" 65 # or "mysql". 66 ############################################################################# 67 db: 68 type: sqlite3 69 datasource: fabric-ca2-server.db 70 tls: 71 enabled: false 72 certfiles: 73 - db-server-cert.pem 74 client: 75 certfile: db-client-cert.pem 76 keyfile: db-client-key.pem 77 78 ############################################################################# 79 # Affiliation section 80 ############################################################################# 81 affiliations: 82 org1: 83 - department1 84 - department2 85 org2: 86 - department1 87 88 intermediate: 89 parentserver: 90 url: http://admin:adminpw@localhost:7075 91 caname: rootca2