github.com/extrame/fabric-ca@v2.0.0-alpha+incompatible/testdata/ca/intermediateca/ca2/fabric-ca-server-config.yaml (about) 1 # 2 # Copyright IBM Corp. All Rights Reserved. 3 # 4 # SPDX-License-Identifier: Apache-2.0 5 # 6 ############################################################################# 7 # The CA section contains information specific to this Certificate Authority. 8 # Minimally, the name must be unique for all CAs serviced by the same server. 9 # Additionally, you may specify any of the settings that are defined in the 10 # server's configuration file to override them with a value specific for this CA. 11 # For example, you should provide a different username and password for the 12 # bootstrap identity as found in the "identities" subsection of the "registry" section. 13 14 # See the server's configuration file for comments on all settings. 15 # All settings pertaining to the server's listening endpoint are by definition 16 # server-specific and so will be ignored in a CA configuration file. 17 ############################################################################# 18 ca: 19 # Name of this CA 20 name: ca2 21 # Key file (default: ca-key.pem) 22 keyfile: ca-key.pem 23 # Certificate file (default: ca-cert.pem) 24 certfile: ca-cert.pem 25 # Chain file (default: chain-cert.pem) 26 chainfile: ca-chain.pem 27 28 ############################################################################# 29 # The registry section controls how the fabric-ca-server does two things: 30 # 1) authenticates enrollment requests which contain a username and password 31 # (also known as an enrollment ID and secret). 32 # 2) once authenticated, retrieves the identity's attribute names and 33 # values which the fabric-ca-server optionally puts into TCerts 34 # which it issues for transacting on the Hyperledger Fabric blockchain. 35 # These attributes are useful for making access control decisions in 36 # chaincode. 37 # There are two main configuration options: 38 # 1) The fabric-ca-server is the registry 39 # 2) An LDAP server is the registry, in which case the fabric-ca-server 40 # calls the LDAP server to perform these tasks. 41 ############################################################################# 42 registry: 43 # Maximum number of times a password/secret can be reused for enrollment 44 # (default: -1, which means there is no limit) 45 maxEnrollments: -1 46 47 # Contains user information which is used when LDAP is disabled 48 identities: 49 - name: adminca2 50 pass: adminca2pw 51 type: client 52 affiliation: "" 53 attrs: 54 hf.Registrar.Roles: "client,user,peer,validator,auditor,ca" 55 hf.Registrar.DelegateRoles: "client,user,validator,auditor" 56 hf.Revoker: true 57 hf.IntermediateCA: true 58 59 ############################################################################# 60 # Database section 61 # Supported types are: "sqlite3", "postgres", and "mysql". 62 # The datasource value depends on the type. 63 # If the type is "sqlite3", the datasource value is a file name to use 64 # as the database store. Since "sqlite3" is an embedded database, it 65 # may not be used if you want to run the fabric-ca-server in a cluster. 66 # To run the fabric-ca-server in a cluster, you must choose "postgres" 67 # or "mysql". 68 ############################################################################# 69 db: 70 type: sqlite3 71 datasource: fabric-ca2-server.db 72 tls: 73 enabled: false 74 certfiles: 75 - db-server-cert.pem 76 client: 77 certfile: db-client-cert.pem 78 keyfile: db-client-key.pem 79 80 ############################################################################# 81 # Affiliation section 82 ############################################################################# 83 affiliations: 84 org1: 85 - department1 86 - department2 87 org2: 88 - department1 89 90 intermediate: 91 parentserver: 92 url: http://admin:adminpw@localhost:7075 93 caname: rootca2