# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

#############################################################################
#   Configuration file for the fabric-ca-server command.
#
#   NOTE(review): the nesting below was rebuilt from a flattened listing;
#   compare it with the upstream file before relying on it.
#
#   COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
#   ------------------------------------------------
#   Every element can be overridden by a command line argument or an
#   environment variable. The value of an element is taken from the first
#   of these sources that supplies one:
#      1) command line argument
#         Examples:
#         a) --port 443
#            sets the listening port
#         b) --ca-keyfile ../mykey.pem
#            sets the "keyfile" element in the "ca" section below;
#            note the '-' separator character.
#      2) environment variable
#         Examples:
#         a) FABRIC_CA_SERVER_PORT=443
#            sets the listening port
#         b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
#            sets the "keyfile" element in the "ca" section below;
#            note the '_' separator character.
#      3) configuration file
#      4) default value (if there is one)
#         Default values are shown beside each element below.
#
#   FILE NAME ELEMENTS
#   ------------------
#   Every filename element below ends with the word "file"; see "certfile"
#   and "keyfile" in the "ca" section. The value may be a simple filename,
#   a relative path, or an absolute path. A value that is not an absolute
#   path is interpreted relative to the location of this configuration
#   file.
#
#############################################################################

# Server's listening port (default: 7054)
port: 7054

# Debug logging switch (default: false)
debug: false

#############################################################################
#  TLS section for the server's listening port
#
#  Supported client authentication types: NoClientCert, RequestClientCert,
#  RequireAnyClientCert, VerifyClientCertIfGiven, and
#  RequireAndVerifyClientCert.
#
#  Certfiles is a list of root certificate authorities that the server uses
#  when verifying client certificates.
#
#  NOTE(review): TLS is off here, so the enrollment ID and secret described
#  in the registry section reach this port unencrypted. certfile/keyfile
#  also name the same ca.crt/ca.key as the "ca" section, i.e. the CA
#  signing key doubles as the TLS server key; a separate TLS key pair
#  avoids exposing the signing key through the listener.
#############################################################################
tls:
  # Enable TLS (default: false)
  enabled: false
  # Certificate and key presented on the listening port
  certfile: ca.crt
  keyfile: ca.key
  clientauth:
    # noclientcert: clients are not asked for a certificate
    type: noclientcert
    # Left empty: no client root CAs are configured
    certfiles:

#############################################################################
#  The CA section describes the Certificate Authority: its name, which
#  should be unique for all members of a blockchain network, and the key
#  and certificate files used when issuing enrollment certificates (ECerts)
#  and transaction certificates (TCerts).
#  The chainfile (if it exists) contains the certificate chain which
#  should be trusted for this CA, where the 1st in the chain is always the
#  root CA certificate.
#############################################################################
ca:
  # Name of this CA
  name:
  # Certificate and private key used when issuing certificates. keyfile is
  # the CA signing key: keep it readable only by the server account.
  certfile: ca.crt
  keyfile: ca.key
  # Chain file (default: chain-cert.pem)
  chainfile: ca-chain.pem

#############################################################################
#  The registry section controls how the fabric-ca-server does two things:
#  1) authenticates enrollment requests which contain a username and
#     password (also known as an enrollment ID and secret).
#  2) once authenticated, retrieves the identity's attribute names and
#     values which the fabric-ca-server optionally puts into TCerts
#     which it issues for transacting on the Hyperledger Fabric blockchain.
#     These attributes are useful for making access control decisions in
#     chaincode.
#  There are two main configuration options:
#  1) The fabric-ca-server is the registry
#  2) An LDAP server is the registry, in which case the fabric-ca-server
#     calls the LDAP server to perform these tasks.
#############################################################################
registry:
  # Maximum number of times a password/secret can be reused for enrollment
  # (default: -1, which means there is no limit)
  # NOTE(review): with -1 a disclosed secret stays usable for enrollment
  # indefinitely; a small positive limit bounds that.
  maxEnrollments: -1

  # Identity information used when LDAP is disabled
  # NOTE(review): admin/adminpw is the same pair shown in the command
  # examples at the end of this file, and it is stored here in cleartext.
  # The attrs below give this identity registrar rights over every listed
  # role plus the revoker and intermediate-CA attributes. Replace the
  # secret and restrict read access to this file before the server is
  # reachable by anyone else.
  identities:
    - name: admin
      pass: adminpw
      type: client
      affiliation: ""
      attrs:
        hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
        hf.Registrar.DelegateRoles: "client,user,validator,auditor"
        hf.Revoker: true
        hf.IntermediateCA: true

#############################################################################
#  Database section
#  Supported types are: "sqlite3", "postgres", and "mysql".
#  The datasource value depends on the type.
#  If the type is "sqlite3", the datasource value is a file name to use
#  as the database store. Since "sqlite3" is an embedded database, it
#  may not be used if you want to run the fabric-ca-server in a cluster.
#  To run the fabric-ca-server in a cluster, you must choose "postgres"
#  or "mysql".
#############################################################################
db:
  type: sqlite3
  datasource: /var/hyperledger/fabric-ca-server/state.db
  # NOTE(review): presumably unused with the embedded sqlite3 store. When
  # moving to postgres or mysql, turn this on so registry data does not
  # cross the network unencrypted.
  tls:
    enabled: false
    certfiles:
      - db-server-cert.pem
    client:
      certfile: db-client-cert.pem
      keyfile: db-client-key.pem

#############################################################################
#  LDAP section
#  If LDAP is enabled, the fabric-ca-server calls LDAP to:
#  1) authenticate enrollment ID and secret (i.e. username and password)
#     for enrollment requests;
#  2) retrieve identity attributes
#############################################################################
ldap:
  # Enables or disables the LDAP client (default: false)
  enabled: false
  # The URL of the LDAP server
  # NOTE(review): the URL format carries the admin DN and password, so once
  # filled in, this file holds a directory credential in cleartext; keep it
  # out of version control and restrict its permissions.
  url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
  tls:
    certfiles:
      - ldap-server-cert.pem
    client:
      certfile: ldap-client-cert.pem
      keyfile: ldap-client-key.pem

#############################################################################
#  Affiliation section
#############################################################################
affiliations:
  org1:
    - department1
    - department2
  org2:
    - department1

#############################################################################
#  Signing section
#############################################################################
signing:
  profiles:
    # Profile that marks the issued certificate as a CA (isca: true)
    ca:
      usage:
        - cert sign
      expiry: 8000h
      caconstraint:
        isca: true
  # Presumably applied when a request names no profile; confirm upstream
  default:
    usage:
      - cert sign
    expiry: 8000h

###########################################################################
#  Certificate Signing Request section for generating the CA certificate
###########################################################################
csr:
  cn: fabric-ca-server
  names:
    - C: US
      ST: "North Carolina"
      L:
      O: Hyperledger
      OU: Fabric
  # NOTE(review): looks like the hostname of the machine or container that
  # generated this file; replace with the names the CA is reached by.
  hosts:
    - 2008f00aff38
  ca:
    pathlen:
    pathlenzero:
    expiry:

#############################################################################
#  BCCSP (BlockChain Crypto Service Provider) section is used to select
#  which crypto library implementation to use
#############################################################################

bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      # The directory used for the software file-based keystore.
      # It backs the key store, so limit access to the server account.
      keystore: /var/hyperledger/fabric-ca-server/keystore

#############################################################################
#  The fabric-ca-server init and start commands support the following two
#  additional mutually exclusive options:
#
#  1) --cacount <number-of-CAs>
#  Automatically generate multiple default CA instances.
#  This is particularly useful in a development environment to quickly set
#  up multiple CAs.
#  For example,
#     fabric-ca-server start -b admin:adminpw --cacount 2
#  starts a server with a default CA and two non-default CA's with names
#  'ca1' and 'ca2'.
#
#  2) --cafiles <CA-config-files>
#  For each CA config file in the list, generate a separate signing CA.
#  Each CA config file in this list MAY contain all of the same elements as
#  are found in the server config file except port, debug, and tls sections.
#  For example,
#     fabric-ca-server start -b admin:adminpw \
#        --cafiles ca/ca1/fabric-ca-server-config.yaml \
#        --cafiles ca/ca2/fabric-ca-server-config.yaml
#  is equivalent to the previous example, except the CA config files
#  must already exist and can be customized.
#
#  NOTE(review): a bootstrap secret given with -b is visible in the process
#  list and shell history of the host that runs the command.
#
#############################################################################

cacount:

cafiles: