Hyperledger Fabric Certificate Authority Server
Usage:
fabric-ca-server [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
help Help about any command
init Initialize the fabric-ca server
start Start the fabric-ca server
version Prints Fabric CA Server version
Flags:
--address string Listening address of fabric-ca-server (default "0.0.0.0")
-b, --boot string The user:pass for bootstrap admin which is required to build default config file
--ca.certfile string PEM-encoded CA certificate file (default "ca-cert.pem")
--ca.chainfile string PEM-encoded CA chain file (default "ca-chain.pem")
--ca.keyfile string PEM-encoded CA key file
-n, --ca.name string Certificate Authority name
--ca.reenrollignorecertexpiry Ignore Certificate Expiry for re-enroll
--cacount int Number of non-default CA instances
--cafiles strings A list of comma-separated CA configuration files
--cfg.affiliations.allowremove Enables removal of affiliations dynamically
--cfg.identities.allowremove Enables removal of identities dynamically
--cfg.identities.passwordattempts int Number of incorrect password attempts allowed (default 10)
--cors.enabled Enable CORS for the fabric-ca-server
--cors.origins strings Comma-separated list of Access-Control-Allow-Origin domains
--crl.expiry duration Expiration for the CRL generated by the gencrl request (default 24h0m0s)
--crlsizelimit int Size limit of an acceptable CRL in bytes (default 512000)
--csr.cn string The common name field of the certificate signing request to a parent fabric-ca-server
--csr.hosts strings A list of comma-separated host names in a certificate signing request to a parent fabric-ca-server
--csr.keyrequest.algo string Specify key algorithm
--csr.keyrequest.reusekey Reuse existing key during reenrollment
--csr.keyrequest.size int Specify key size
--csr.serialnumber string The serial number in a certificate signing request to a parent fabric-ca-server
--db.datasource string Data source which is database specific (default "fabric-ca-server.db")
--db.tls.certfiles strings A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--db.tls.client.certfile string PEM-encoded certificate file when mutual authenticate is enabled
--db.tls.client.keyfile string PEM-encoded key file when mutual authentication is enabled
--db.type string Type of database; one of: sqlite3, postgres, mysql (default "sqlite3")
-d, --debug Enable debug level logging (slows server)
-h, --help help for fabric-ca-server
-H, --home string Server's home directory (default "/etc/hyperledger/fabric-ca")
--idemix.curve string Name of the curve among {'amcl.Fp256bn', 'gurvy.Bn254', 'amcl.Fp256Miraclbn'}, defaults to 'amcl.Fp256bn' (default "amcl.Fp256bn")
--idemix.nonceexpiration string Duration after which a nonce expires (default "15s")
--idemix.noncesweepinterval string Interval at which expired nonces are deleted (default "15m")
--idemix.rhpoolsize int Specifies revocation handle pool size (default 100)
--intermediate.enrollment.label string Label to use in HSM operations
--intermediate.enrollment.profile string Name of the signing profile to use in issuing the certificate
--intermediate.enrollment.type string The type of enrollment request: 'x509' or 'idemix' (default "x509")
--intermediate.parentserver.caname string Name of the CA to connect to on fabric-ca-server
-u, --intermediate.parentserver.url string URL of the parent fabric-ca-server (e.g. http://<username>:<password>@<address>:<port)
--intermediate.tls.certfiles strings A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--intermediate.tls.client.certfile string PEM-encoded certificate file when mutual authenticate is enabled
--intermediate.tls.client.keyfile string PEM-encoded key file when mutual authentication is enabled
--ldap.attribute.names strings The names of LDAP attributes to request on an LDAP search
--ldap.enabled Enable the LDAP client for authentication and attributes
--ldap.groupfilter string The LDAP group filter for a single affiliation group (default "(memberUid=%s)")
--ldap.tls.certfiles strings A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--ldap.tls.client.certfile string PEM-encoded certificate file when mutual authenticate is enabled
--ldap.tls.client.keyfile string PEM-encoded key file when mutual authentication is enabled
--ldap.url string LDAP client URL of form ldap://adminDN:adminPassword@host[:port]/base
--ldap.userfilter string The LDAP user filter to use when searching for users (default "(uid=%s)")
--loglevel string Set logging level (info, warning, debug, error, fatal, critical)
-p, --port int Listening port of fabric-ca-server (default 7054)
--registry.maxenrollments int Maximum number of enrollments; valid if LDAP not enabled (default -1)
--tls.certfile string PEM-encoded TLS certificate file for server's listening port (default "tls-cert.pem")
--tls.clientauth.certfiles strings A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--tls.clientauth.type string Policy the server will follow for TLS Client Authentication. (default "noclientcert")
--tls.enabled Enable TLS on the listening port
--tls.keyfile string PEM-encoded TLS key for server's listening port
Use "fabric-ca-server [command] --help" for more information about a command.