github.com/hyperledger/fabric-ca@v2.0.0-alpha.0.20201120210307-7b4f34729db1+incompatible/docs/source/clientconfig.rst (about) 1 Fabric-CA Client's Configuration File 2 ====================================== 3 4 :: 5 6 7 ############################################################################# 8 # This is a configuration file for the fabric-ca-client command. 9 # 10 # COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES 11 # ------------------------------------------------ 12 # Each configuration element can be overridden via command line 13 # arguments or environment variables. The precedence for determining 14 # the value of each element is as follows: 15 # 1) command line argument 16 # Examples: 17 # a) --url https://localhost:7054 18 # To set the fabric-ca server url 19 # b) --tls.client.certfile certfile.pem 20 # To set the client certificate for TLS 21 # 2) environment variable 22 # Examples: 23 # a) FABRIC_CA_CLIENT_URL=https://localhost:7054 24 # To set the fabric-ca server url 25 # b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem 26 # To set the client certificate for TLS 27 # 3) configuration file 28 # 4) default value (if there is one) 29 # All default values are shown beside each element below. 30 # 31 # FILE NAME ELEMENTS 32 # ------------------ 33 # The value of every field whose name ends with "file" or "files" is 34 # the name (or names) of other files. 35 # For example, see "tls.certfiles" and "tls.client.certfile". 36 # The value of each of these fields can be a simple filename, a 37 # relative path, or an absolute path. If the value is not an 38 # absolute path, it is interpreted as being relative to the location 39 # of this configuration file. 
40 # 41 ############################################################################# 42 43 ############################################################################# 44 # Client Configuration 45 ############################################################################# 46 47 # URL of the Fabric-ca-server (default: http://localhost:7054); prefer an https:// URL with tls.certfiles set, because enrollment requests carry the identity's secret to this URL 48 url: <<<URL>>> 49 50 # Membership Service Provider (MSP) directory 51 # This is useful when the client is used to enroll a peer or orderer, so 52 # that the enrollment artifacts are stored in the format expected by MSP. 53 mspdir: msp 54 55 ############################################################################# 56 # TLS section for secure socket connection 57 # 58 # certfiles - List of PEM-encoded trusted root certificate files 59 # client: 60 # certfile - PEM-encoded certificate file for when client authentication 61 # is enabled on server 62 # keyfile - PEM-encoded private key file for when client authentication 63 # is enabled on server 64 ############################################################################# 65 tls: 66 # TLS section for secure socket connection 67 certfiles: 68 client: 69 certfile: 70 keyfile: 71 72 ############################################################################# 73 # Certificate Signing Request section for generating the CSR for an 74 # enrollment certificate (ECert) 75 # 76 # cn - Used by CAs to determine which domain the certificate is to be generated for 77 # 78 # keyrequest - Properties to use when generating a private key. 79 # algo - key generation algorithm to use 80 # size - size of key to generate 81 # reusekey - reuse existing key during reenrollment 82 # 83 # serialnumber - The serialnumber field, if specified, becomes part of the issued 84 # certificate's DN (Distinguished Name). 
For example, one use case for this is 85 # a company with its own CA (Certificate Authority) which issues certificates 86 # to its employees and wants to include the employee's serial number in the DN 87 # of its issued certificates. 88 # WARNING: The serialnumber field should not be confused with the certificate's 89 # serial number which is set by the CA but is not a component of the 90 # certificate's DN. 91 # 92 # names - A list of name objects. Each name object should contain at least one 93 # "C", "L", "O", or "ST" value (or any combination of these) where these 94 # are abbreviations for the following: 95 # "C": country 96 # "L": locality or municipality (such as city or town name) 97 # "O": organization 98 # "OU": organizational unit, such as the department responsible for owning the key; 99 # it can also be used for a "Doing Business As" (DBA) name 100 # "ST": the state or province 101 # 102 # Note that the "OU" or organizational units of an ECert are always set according 103 # to the values of the identity's type and affiliation. OUs are calculated for an enrollment 104 # as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. 
For example, an identity 105 # of type "client" with an affiliation of "org1.dept2.team3" would have the following 106 # organizational units: OU=client, OU=org1, OU=dept2, OU=team3 107 # 108 # hosts - A list of host names for which the certificate should be valid 109 # 110 ############################################################################# 111 csr: 112 cn: <<<ENROLLMENT_ID>>> 113 keyrequest: 114 algo: ecdsa 115 size: 256 116 reusekey: false 117 serialnumber: 118 names: 119 - C: US 120 ST: North Carolina 121 L: 122 O: Hyperledger 123 OU: Fabric 124 hosts: 125 - <<<MYHOST>>> 126 127 ############################################################################# 128 # Registration section used to register a new identity with fabric-ca server 129 # 130 # name - Unique name of the identity 131 # type - Type of identity being registered (e.g. 'peer', 'app', 'user') 132 # affiliation - The identity's affiliation 133 # maxenrollments - The maximum number of times the secret can be reused to enroll. 134 # As special cases, -1 means unlimited and 0 means to use the CA's max enrollment 135 # value. 
136 # attributes - List of name/value attribute pairs for the identity 137 ############################################################################# 138 id: 139 name: 140 type: 141 affiliation: 142 maxenrollments: 0 143 attributes: 144 # - name: 145 # value: 146 147 ############################################################################# 148 # Enrollment section used to enroll an identity with fabric-ca server 149 # 150 # profile - Name of the signing profile to use in issuing the certificate 151 # label - Label to use in HSM operations 152 ############################################################################# 153 enrollment: 154 profile: 155 label: 156 157 ############################################################################# 158 # Name of the CA to connect to within the fabric-ca server 159 ############################################################################# 160 caname: 161 162 ############################################################################# 163 # BCCSP (BlockChain Crypto Service Provider) section selects which 164 # crypto implementation library to use 165 ############################################################################# 166 bccsp: 167 default: SW 168 sw: 169 hash: SHA2 170 security: 256 171 filekeystore: 172 # The directory used for the software file-based keystore (private keys are stored here; restrict access to it) 173 keystore: msp/keystore