Fabric-CA Client’s CLI¶
Hyperledger Fabric Certificate Authority Client
Usage:
fabric-ca-client [command]
Available Commands:
affiliation Manage affiliations
certificate Manage certificates
completion Generate the autocompletion script for the specified shell
enroll Enroll an identity
gencrl Generate a CRL
gencsr Generate a CSR
getcainfo Get CA certificate chain and Idemix public key
help Help about any command
identity Manage identities
reenroll Reenroll an identity
register Register an identity
revoke Revoke an identity
version Prints Fabric CA Client version
Flags:
--caname string Name of CA
--csr.cn string The common name field of the certificate signing request
--csr.hosts strings A list of comma-separated host names in a certificate signing request
--csr.keyrequest.algo string Specify key algorithm
--csr.keyrequest.reusekey Reuse existing key during reenrollment
--csr.keyrequest.size int Specify key size
--csr.names strings A list of comma-separated CSR names of the form <name>=<value> (e.g. C=CA,O=Org1)
--csr.serialnumber string The serial number in a certificate signing request
--enrollment.attrs strings A list of comma-separated attribute requests of the form <name>[:opt] (e.g. foo,bar:opt)
--enrollment.label string Label to use in HSM operations
--enrollment.profile string Name of the signing profile to use in issuing the certificate
--enrollment.type string The type of enrollment request: 'x509' or 'idemix' (default "x509")
-h, --help help for fabric-ca-client
-H, --home string Client's home directory (default "$HOME/.fabric-ca-client")
--id.affiliation string The identity's affiliation
--id.attrs strings A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
--id.maxenrollments int The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
--id.name string Unique name of the identity
--id.secret string The enrollment secret for the identity being registered
--id.type string Type of identity being registered (e.g. 'peer, app, user') (default "client")
--idemix.curve string The identity mixer curve ID to use among {'amcl.Fp256bn', 'gurvy.Bn254', 'amcl.Fp256Miraclbn'} (default "amcl.Fp256bn")
--loglevel string Set logging level (info, warning, debug, error, fatal, critical)
-M, --mspdir string Membership Service Provider directory (default "msp")
-m, --myhost string Hostname to include in the certificate signing request during enrollment (default "$HOSTNAME")
-a, --revoke.aki string AKI (Authority Key Identifier) of the certificate to be revoked
-e, --revoke.name string Identity whose certificates should be revoked
-r, --revoke.reason string Reason for revocation
-s, --revoke.serial string Serial number of the certificate to be revoked
--tls.certfiles strings A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--tls.client.certfile string PEM-encoded certificate file when mutual authenticate is enabled
--tls.client.keyfile string PEM-encoded key file when mutual authentication is enabled
-u, --url string URL of fabric-ca-server (default "http://localhost:7054")
Use "fabric-ca-client [command] --help" for more information about a command.
Identity Command¶
Manage identities
Usage:
fabric-ca-client identity [command]
Available Commands:
add Add identity
list List identities
modify Modify identity
remove Remove identity
Flags:
-h, --help help for identity
-----------------------------
Add an identity
Usage:
fabric-ca-client identity add <id> [flags]
Examples:
fabric-ca-client identity add user1 --type peer
Flags:
--affiliation string The identity's affiliation
--attrs strings A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
-h, --help help for add
--json string JSON string for adding a new identity
--maxenrollments int The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
--secret string The enrollment secret for the identity being added
--type string Type of identity being registered (e.g. 'peer, app, user') (default "user")
-----------------------------
List identities visible to caller
Usage:
fabric-ca-client identity list [flags]
Flags:
-h, --help help for list
--id string Get identity information from the fabric-ca server
-----------------------------
Modify an existing identity
Usage:
fabric-ca-client identity modify <id> [flags]
Examples:
fabric-ca-client identity modify user1 --type peer
Flags:
--affiliation string The identity's affiliation
--attrs strings A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
-h, --help help for modify
--json string JSON string for modifying an existing identity
--maxenrollments int The maximum number of times the secret can be reused to enroll
--secret string The enrollment secret for the identity
--type string Type of identity being registered (e.g. 'peer, app, user')
-----------------------------
Remove an identity
Usage:
fabric-ca-client identity remove <id> [flags]
Examples:
fabric-ca-client identity remove user1
Flags:
--force Forces removing your own identity
-h, --help help for remove
Affiliation Command¶
Manage affiliations
Usage:
fabric-ca-client affiliation [command]
Available Commands:
add Add affiliation
list List affiliations
modify Modify affiliation
remove Remove affiliation
Flags:
-h, --help help for affiliation
-----------------------------
Add affiliation
Usage:
fabric-ca-client affiliation add <affiliation> [flags]
Flags:
--force Creates parent affiliations if they do not exist
-h, --help help for add
-----------------------------
List affiliations visible to caller
Usage:
fabric-ca-client affiliation list [flags]
Flags:
--affiliation string Get affiliation information from the fabric-ca server
-h, --help help for list
-----------------------------
Modify existing affiliation
Usage:
fabric-ca-client affiliation modify <affiliation> [flags]
Flags:
--force Forces identities using old affiliation to use new affiliation
-h, --help help for modify
--name string Rename the affiliation
-----------------------------
Remove affiliation
Usage:
fabric-ca-client affiliation remove <affiliation> [flags]
Flags:
--force Forces removal of any child affiliations and any identities associated with removed affiliations
-h, --help help for remove
Certificate Command¶
Manage certificates
Usage:
fabric-ca-client certificate [command]
Available Commands:
list List certificates
Flags:
-h, --help help for certificate
-----------------------------
List all certificates which are visible to the caller and match the flags
Usage:
fabric-ca-client certificate list [flags]
Examples:
fabric-ca-client certificate list --id admin --expiration 2018-01-01::2018-01-30
fabric-ca-client certificate list --id admin --expiration 2018-01-01T01:30:00z::2018-01-30T11:30:00z
fabric-ca-client certificate list --id admin --expiration -30d::-15d
Flags:
--aki string Get certificates for this AKI
--expiration string Get certificates which expire between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
-h, --help help for list
--id string Get certificates for this enrollment ID
--notexpired Don't return expired certificates
--notrevoked Don't return revoked certificates
--revocation string Get certificates that were revoked between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
--serial string Get certificates for this serial number
--store string Store requested certificates in this location