Fabric-CA Client’s CLI

Hyperledger Fabric Certificate Authority Client

Usage:
  fabric-ca-client [command]

Available Commands:
  affiliation Manage affiliations
  certificate Manage certificates
  completion  Generate the autocompletion script for the specified shell
  enroll      Enroll an identity
  gencrl      Generate a CRL
  gencsr      Generate a CSR
  getcainfo   Get CA certificate chain and Idemix public key
  help        Help about any command
  identity    Manage identities
  reenroll    Reenroll an identity
  register    Register an identity
  revoke      Revoke an identity
  version     Prints Fabric CA Client version

Flags:
      --caname string                Name of CA
      --csr.cn string                The common name field of the certificate signing request
      --csr.hosts strings            A list of comma-separated host names in a certificate signing request
      --csr.keyrequest.algo string   Specify key algorithm
      --csr.keyrequest.reusekey      Reuse existing key during reenrollment
      --csr.keyrequest.size int      Specify key size
      --csr.names strings            A list of comma-separated CSR names of the form <name>=<value> (e.g. C=CA,O=Org1)
      --csr.serialnumber string      The serial number in a certificate signing request
      --enrollment.attrs strings     A list of comma-separated attribute requests of the form <name>[:opt] (e.g. foo,bar:opt)
      --enrollment.label string      Label to use in HSM operations
      --enrollment.profile string    Name of the signing profile to use in issuing the certificate
      --enrollment.type string       The type of enrollment request: 'x509' or 'idemix' (default "x509")
  -h, --help                         help for fabric-ca-client
  -H, --home string                  Client's home directory (default "$HOME/.fabric-ca-client")
      --id.affiliation string        The identity's affiliation
      --id.attrs strings             A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
      --id.maxenrollments int        The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
      --id.name string               Unique name of the identity
      --id.secret string             The enrollment secret for the identity being registered
      --id.type string               Type of identity being registered (e.g. 'peer, app, user') (default "client")
      --idemix.curve string          The identity mixer curve ID to use among {'amcl.Fp256bn', 'gurvy.Bn254', 'amcl.Fp256Miraclbn'} (default "amcl.Fp256bn")
      --loglevel string              Set logging level (info, warning, debug, error, fatal, critical)
  -M, --mspdir string                Membership Service Provider directory (default "msp")
  -m, --myhost string                Hostname to include in the certificate signing request during enrollment (default "$HOSTNAME")
  -a, --revoke.aki string            AKI (Authority Key Identifier) of the certificate to be revoked
  -e, --revoke.name string           Identity whose certificates should be revoked
  -r, --revoke.reason string         Reason for revocation
  -s, --revoke.serial string         Serial number of the certificate to be revoked
      --tls.certfiles strings        A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
      --tls.client.certfile string   PEM-encoded certificate file when mutual authenticate is enabled
      --tls.client.keyfile string    PEM-encoded key file when mutual authentication is enabled
  -u, --url string                   URL of fabric-ca-server (default "http://localhost:7054")

Use "fabric-ca-client [command] --help" for more information about a command.

Identity Command

Manage identities

Usage:
  fabric-ca-client identity [command]

Available Commands:
  add         Add identity
  list        List identities
  modify      Modify identity
  remove      Remove identity

Flags:
  -h, --help   help for identity

-----------------------------

Add an identity

Usage:
  fabric-ca-client identity add <id> [flags]

Examples:
fabric-ca-client identity add user1 --type peer

Flags:
      --affiliation string   The identity's affiliation
      --attrs strings        A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
  -h, --help                 help for add
      --json string          JSON string for adding a new identity
      --maxenrollments int   The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
      --secret string        The enrollment secret for the identity being added
      --type string          Type of identity being registered (e.g. 'peer, app, user') (default "user")

-----------------------------

List identities visible to caller

Usage:
  fabric-ca-client identity list [flags]

Flags:
  -h, --help        help for list
      --id string   Get identity information from the fabric-ca server

-----------------------------

Modify an existing identity

Usage:
  fabric-ca-client identity modify <id> [flags]

Examples:
fabric-ca-client identity modify user1 --type peer

Flags:
      --affiliation string   The identity's affiliation
      --attrs strings        A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
  -h, --help                 help for modify
      --json string          JSON string for modifying an existing identity
      --maxenrollments int   The maximum number of times the secret can be reused to enroll
      --secret string        The enrollment secret for the identity
      --type string          Type of identity being registered (e.g. 'peer, app, user')

-----------------------------

Remove an identity

Usage:
  fabric-ca-client identity remove <id> [flags]

Examples:
fabric-ca-client identity remove user1

Flags:
      --force   Forces removing your own identity
  -h, --help    help for remove

Affiliation Command

Manage affiliations

Usage:
  fabric-ca-client affiliation [command]

Available Commands:
  add         Add affiliation
  list        List affiliations
  modify      Modify affiliation
  remove      Remove affiliation

Flags:
  -h, --help   help for affiliation

-----------------------------

Add affiliation

Usage:
  fabric-ca-client affiliation add <affiliation> [flags]

Flags:
      --force   Creates parent affiliations if they do not exist
  -h, --help    help for add

-----------------------------

List affiliations visible to caller

Usage:
  fabric-ca-client affiliation list [flags]

Flags:
      --affiliation string   Get affiliation information from the fabric-ca server
  -h, --help                 help for list

-----------------------------

Modify existing affiliation

Usage:
  fabric-ca-client affiliation modify <affiliation> [flags]

Flags:
      --force         Forces identities using old affiliation to use new affiliation
  -h, --help          help for modify
      --name string   Rename the affiliation

-----------------------------

Remove affiliation

Usage:
  fabric-ca-client affiliation remove <affiliation> [flags]

Flags:
      --force   Forces removal of any child affiliations and any identities associated with removed affiliations
  -h, --help    help for remove

Certificate Command

Manage certificates

Usage:
  fabric-ca-client certificate [command]

Available Commands:
  list        List certificates

Flags:
  -h, --help   help for certificate

-----------------------------

List all certificates which are visible to the caller and match the flags

Usage:
  fabric-ca-client certificate list [flags]

Examples:
fabric-ca-client certificate list --id admin --expiration 2018-01-01::2018-01-30
fabric-ca-client certificate list --id admin --expiration 2018-01-01T01:30:00z::2018-01-30T11:30:00z
fabric-ca-client certificate list --id admin --expiration -30d::-15d

Flags:
      --aki string          Get certificates for this AKI
      --expiration string   Get certificates which expire between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
  -h, --help                help for list
      --id string           Get certificates for this enrollment ID
      --notexpired          Don't return expired certificates
      --notrevoked          Don't return revoked certificates
      --revocation string   Get certificates that were revoked between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
      --serial string       Get certificates for this serial number
      --store string        Store requested certificates in this location