Fabric-CA Client’s CLI¶
Hyperledger Fabric Certificate Authority Client
Usage:
fabric-ca-client [command]
Available Commands:
affiliation Manage affiliations
certificate Manage certificates
enroll Enroll an identity
gencrl Generate a CRL
gencsr Generate a CSR
getcainfo Get CA certificate chain and Idemix public key
identity Manage identities
reenroll Reenroll an identity
register Register an identity
revoke Revoke an identity
version Prints Fabric CA Client version
Flags:
--caname string Name of CA
--csr.cn string The common name field of the certificate signing request
--csr.hosts stringSlice A list of space-separated host names in a certificate signing request
--csr.names stringSlice A list of comma-separated CSR names of the form <name>=<value> (e.g. C=CA,O=Org1)
--csr.serialnumber string The serial number in a certificate signing request
-d, --debug Enable debug level logging
--enrollment.attrs stringSlice A list of comma-separated attribute requests of the form <name>[:opt] (e.g. foo,bar:opt)
--enrollment.label string Label to use in HSM operations
--enrollment.profile string Name of the signing profile to use in issuing the certificate
--enrollment.type string The type of enrollment request (default "x509")
-H, --home string Client's home directory (default "$HOME/.fabric-ca-client")
--id.affiliation string The identity's affiliation
--id.attrs stringSlice A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
--id.maxenrollments int The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
--id.name string Unique name of the identity
--id.secret string The enrollment secret for the identity being registered
--id.type string Type of identity being registered (e.g. 'peer, app, user') (default "client")
-M, --mspdir string Membership Service Provider directory (default "msp")
-m, --myhost string Hostname to include in the certificate signing request during enrollment (default "$HOSTNAME")
-a, --revoke.aki string AKI (Authority Key Identifier) of the certificate to be revoked
-e, --revoke.name string Identity whose certificates should be revoked
-r, --revoke.reason string Reason for revocation
-s, --revoke.serial string Serial number of the certificate to be revoked
--tls.certfiles stringSlice A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)
--tls.client.certfile string PEM-encoded certificate file when mutual authenticate is enabled
--tls.client.keyfile string PEM-encoded key file when mutual authentication is enabled
-u, --url string URL of fabric-ca-server (default "http://localhost:7054")
Use "fabric-ca-client [command] --help" for more information about a command.
Identity Command¶
Manage identities
Usage:
fabric-ca-client identity [command]
Available Commands:
add Add identity
list List identities
modify Modify identity
remove Remove identity
-----------------------------
Add an identity
Usage:
fabric-ca-client identity add <id> [flags]
Examples:
fabric-ca-client identity add user1 --type peer
Flags:
--affiliation string The identity's affiliation
--attrs stringSlice A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
--json string JSON string for adding a new identity
--maxenrollments int The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
--secret string The enrollment secret for the identity being added
--type string Type of identity being registered (e.g. 'peer, app, user') (default "user")
-----------------------------
List identities visible to caller
Usage:
fabric-ca-client identity list [flags]
Flags:
--id string Get identity information from the fabric-ca server
-----------------------------
Modify an existing identity
Usage:
fabric-ca-client identity modify <id> [flags]
Examples:
fabric-ca-client identity modify user1 --type peer
Flags:
--affiliation string The identity's affiliation
--attrs stringSlice A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
--json string JSON string for modifying an existing identity
--maxenrollments int The maximum number of times the secret can be reused to enroll
--secret string The enrollment secret for the identity
--type string Type of identity being registered (e.g. 'peer, app, user')
-----------------------------
Remove an identity
Usage:
fabric-ca-client identity remove <id> [flags]
Examples:
fabric-ca-client identity remove user1
Flags:
--force Forces removing your own identity
Affiliation Command¶
Manage affiliations
Usage:
fabric-ca-client affiliation [command]
Available Commands:
add Add affiliation
list List affiliations
modify Modify affiliation
remove Remove affiliation
-----------------------------
Add affiliation
Usage:
fabric-ca-client affiliation add <affiliation> [flags]
Flags:
--force Creates parent affiliations if they do not exist
-----------------------------
List affiliations visible to caller
Usage:
fabric-ca-client affiliation list [flags]
Flags:
--affiliation string Get affiliation information from the fabric-ca server
-----------------------------
Modify existing affiliation
Usage:
fabric-ca-client affiliation modify <affiliation> [flags]
Flags:
--force Forces identities using old affiliation to use new affiliation
--name string Rename the affiliation
-----------------------------
Remove affiliation
Usage:
fabric-ca-client affiliation remove <affiliation> [flags]
Flags:
--force Forces removal of any child affiliations and any identities associated with removed affiliations
Certificate Command¶
Manage certificates
Usage:
fabric-ca-client certificate [command]
Available Commands:
list List certificates
-----------------------------
List all certificates which are visible to the caller and match the flags
Usage:
fabric-ca-client certificate list [flags]
Examples:
fabric-ca-client certificate list --id admin --expiration 2018-01-01::2018-01-30
fabric-ca-client certificate list --id admin --expiration 2018-01-01T01:30:00z::2018-01-30T11:30:00z
fabric-ca-client certificate list --id admin --expiration -30d::-15d
Flags:
--aki string Get certificates for this AKI
--expiration string Get certificates which expire between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
--id string Get certificates for this enrollment ID
--notexpired Don't return expired certificates
--notrevoked Don't return revoked certificates
--revocation string Get certificates that were revoked between the UTC timestamp (RFC3339 format) or duration specified (e.g. <begin_time>::<end_time>)
--serial string Get certificates for this serial number
--store string Store requested certificates in this location