github.com/extrame/fabric-ca@v2.0.0-alpha+incompatible/testdata/ca/rootca/ca1/fabric-ca-server-config.yaml

github.com/extrame/fabric-ca@v2.0.0-alpha+incompatible/testdata/ca/rootca/ca1/fabric-ca-server-config.yaml (about)

     1  #
     2  # Copyright IBM Corp. All Rights Reserved.
     3  #
     4  # SPDX-License-Identifier: Apache-2.0
     5  #
     6  #############################################################################
     7  # The CA section contains information specific to this Certificate Authority.
     8  # Minimally, the name must be unique for all CAs serviced by the same server.
     9  # Additionally, you may specify any of the settings that are defined in the
    10  # server's configuration file to override them with a value specific for this CA.
    11  # For example, you should provide a different username and password for the
    12  # bootstrap identity as found in the "identities" subsection of the "registry" section.
    13  
    14  # See the server's configuration file for comments on all settings.
    15  # All settings pertaining to the server's listening endpoint are by definition
    16  # server-specific and so will be ignored in a CA configuration file.
    17  #############################################################################
    18  ca:
    19    # Name of this CA
    20    name: rootca1
    21  
    22  ###########################################################################
    23  #  Certificate Signing Request section for generating the CA certificate
    24  ###########################################################################
    25  csr:
    26    cn: fabric-ca-server-rootca1
    27  
    28  #############################################################################
    29  #  The registry section controls how the fabric-ca-server does two things:
    30  #  1) authenticates enrollment requests which contain a username and password
    31  #     (also known as an enrollment ID and secret).
    32  #  2) once authenticated, retrieves the identity's attribute names and
    33  #     values which the fabric-ca-server optionally puts into TCerts
    34  #     which it issues for transacting on the Hyperledger Fabric blockchain.
    35  #     These attributes are useful for making access control decisions in
    36  #     chaincode.
    37  #  There are two main configuration options:
    38  #  1) The fabric-ca-server is the registry
    39  #  2) An LDAP server is the registry, in which case the fabric-ca-server
    40  #     calls the LDAP server to perform these tasks.
    41  #############################################################################
    42  registry:
    43    # Maximum number of times a password/secret can be reused for enrollment
    44    # (default: -1, which means there is no limit)
    45    maxEnrollments: -1
    46  
    47    # Contains user information which is used when LDAP is disabled
    48    identities:
    49       - name: adminca1
    50         pass: adminca1pw
    51         type: client
    52         affiliation: ""
    53         maxenrollments: -1
    54         attrs:
    55            hf.Registrar.Roles: "client,user,peer,validator,auditor,ca"
    56            hf.Registrar.DelegateRoles: "client,user,validator,auditor"
    57            hf.Revoker: true
    58            hf.IntermediateCA: true
    59            hf.Registrar.Attributes: "*"