github.com/bestbeforetoday/fabric-ca@v2.0.0-alpha+incompatible/docs/source/clientconfig.rst (about) 1 Fabric-CA Client's Configuration File 2 ====================================== 3 4 :: 5 6 7 ############################################################################# 8 # This is a configuration file for the fabric-ca-client command. 9 # 10 # COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES 11 # ------------------------------------------------ 12 # Each configuration element can be overridden via command line 13 # arguments or environment variables. The precedence for determining 14 # the value of each element is as follows: 15 # 1) command line argument 16 # Examples: 17 # a) --url https://localhost:7054 18 # To set the fabric-ca server url 19 # b) --tls.client.certfile certfile.pem 20 # To set the client certificate for TLS 21 # 2) environment variable 22 # Examples: 23 # a) FABRIC_CA_CLIENT_URL=https://localhost:7054 24 # To set the fabric-ca server url 25 # b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem 26 # To set the client certificate for TLS 27 # 3) configuration file 28 # 4) default value (if there is one) 29 # All default values are shown beside each element below. 30 # 31 # FILE NAME ELEMENTS 32 # ------------------ 33 # The value of all fields whose name ends with "file" or "files" are 34 # name or names of other files. 35 # For example, see "tls.certfiles" and "tls.client.certfile". 36 # The value of each of these fields can be a simple filename, a 37 # relative path, or an absolute path. If the value is not an 38 # absolute path, it is interpretted as being relative to the location 39 # of this configuration file. 40 # 41 ############################################################################# 42 43 ############################################################################# 44 # Client Configuration 45 ############################################################################# 46 47 # URL of the Fabric-ca-server (default: http://localhost:7054) 48 url: <<<URL>>> 49 50 # Membership Service Provider (MSP) directory 51 # This is useful when the client is used to enroll a peer or orderer, so 52 # that the enrollment artifacts are stored in the format expected by MSP. 53 mspdir: msp 54 55 ############################################################################# 56 # TLS section for secure socket connection 57 # 58 # certfiles - PEM-encoded list of trusted root certificate files 59 # client: 60 # certfile - PEM-encoded certificate file for when client authentication 61 # is enabled on server 62 # keyfile - PEM-encoded key file for when client authentication 63 # is enabled on server 64 ############################################################################# 65 tls: 66 # TLS section for secure socket connection 67 certfiles: 68 client: 69 certfile: 70 keyfile: 71 72 ############################################################################# 73 # Certificate Signing Request section for generating the CSR for an 74 # enrollment certificate (ECert) 75 # 76 # cn - Used by CAs to determine which domain the certificate is to be generated for 77 # 78 # serialnumber - The serialnumber field, if specified, becomes part of the issued 79 # certificate's DN (Distinguished Name). For example, one use case for this is 80 # a company with its own CA (Certificate Authority) which issues certificates 81 # to its employees and wants to include the employee's serial number in the DN 82 # of its issued certificates. 83 # WARNING: The serialnumber field should not be confused with the certificate's 84 # serial number which is set by the CA but is not a component of the 85 # certificate's DN. 86 # 87 # names - A list of name objects. Each name object should contain at least one 88 # "C", "L", "O", or "ST" value (or any combination of these) where these 89 # are abbreviations for the following: 90 # "C": country 91 # "L": locality or municipality (such as city or town name) 92 # "O": organization 93 # "OU": organizational unit, such as the department responsible for owning the key; 94 # it can also be used for a "Doing Business As" (DBS) name 95 # "ST": the state or province 96 # 97 # Note that the "OU" or organizational units of an ECert are always set according 98 # to the values of the identities type and affiliation. OUs are calculated for an enroll 99 # as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity 100 # of type "client" with an affiliation of "org1.dept2.team3" would have the following 101 # organizational units: OU=client, OU=org1, OU=dept2, OU=team3 102 # 103 # hosts - A list of host names for which the certificate should be valid 104 # 105 ############################################################################# 106 csr: 107 cn: <<<ENROLLMENT_ID>>> 108 keyrequest: 109 algo: ecdsa 110 size: 256 111 serialnumber: 112 names: 113 - C: US 114 ST: North Carolina 115 L: 116 O: Hyperledger 117 OU: Fabric 118 hosts: 119 - <<<MYHOST>>> 120 121 ############################################################################# 122 # Registration section used to register a new identity with fabric-ca server 123 # 124 # name - Unique name of the identity 125 # type - Type of identity being registered (e.g. 'peer, app, user') 126 # affiliation - The identity's affiliation 127 # maxenrollments - The maximum number of times the secret can be reused to enroll. 128 # Specially, -1 means unlimited; 0 means to use CA's max enrollment 129 # value. 130 # attributes - List of name/value pairs of attribute for identity 131 ############################################################################# 132 id: 133 name: 134 type: 135 affiliation: 136 maxenrollments: 0 137 attributes: 138 # - name: 139 # value: 140 141 ############################################################################# 142 # Enrollment section used to enroll an identity with fabric-ca server 143 # 144 # profile - Name of the signing profile to use in issuing the certificate 145 # label - Label to use in HSM operations 146 ############################################################################# 147 enrollment: 148 profile: 149 label: 150 151 ############################################################################# 152 # Name of the CA to connect to within the fabric-ca server 153 ############################################################################# 154 caname: 155 156 ############################################################################# 157 # BCCSP (BlockChain Crypto Service Provider) section allows to select which 158 # crypto implementation library to use 159 ############################################################################# 160 bccsp: 161 default: SW 162 sw: 163 hash: SHA2 164 security: 256 165 filekeystore: 166 # The directory used for the software file-based keystore 167 keystore: msp/keystore