[FAB-8750] Fabric-ca docs need updating

Fabric-ca docs currenty refers to an older CLI and config,
this needs to be updated.

Change-Id: Iaa164595217cc29ade49c9997a59545c03060557
Signed-off-by: Saad Karim <skarim@us.ibm.com>

cmd/fabric-ca-client/config.go

@@ -130,10 +130,16 @@ tls:
 #    are abbreviations for the following:
 #        "C": country
 #        "L": locality or municipality (such as city or town name)
-#        "O": organisation
+#        "O": organization
+#        "OU": organizational unit, such as the department responsible for owning the key;
+#         it can also be used for a "Doing Business As" (DBS) name
 #        "ST": the state or province
+#
 #    Note that the "OU" or organizational units of an ECert are always set according
-#    to the values of the identities type and affiliation.
+#    to the values of the identities type and affiliation. OUs are calculated for an enroll
+#    as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
+#    of type "client" with an affiliation of "org1.dept2.team3" would have the following
+#    organizational units: OU=client, OU=org1, OU=dept2, OU=team3
 #
 #  hosts - A list of host names for which the certificate should be valid
 #

docs/source/clientcli.rst

@@ -9,10 +9,12 @@ Fabric-CA Client's CLI
       fabric-ca-client [command]
     
     Available Commands:
+      affiliation Manage affiliations
       enroll      Enroll an identity
       gencrl      Generate a CRL
       gencsr      Generate a CSR
       getcacert   Get CA certificate chain
+      identity    Manage identities
       reenroll    Reenroll an identity
       register    Register an identity
       revoke      Revoke an identity
@@ -31,10 +33,10 @@ Fabric-CA Client's CLI
       -H, --home string                    Client's home directory (default "$HOME/.fabric-ca-client")
           --id.affiliation string          The identity's affiliation
           --id.attrs stringSlice           A list of comma-separated attributes of the form <name>=<value> (e.g. foo=foo1,bar=bar1)
-          --id.maxenrollments int          The maximum number of times the secret can be reused to enroll. (default -1)
+          --id.maxenrollments int          The maximum number of times the secret can be reused to enroll (default CA's Max Enrollment)
           --id.name string                 Unique name of the identity
           --id.secret string               The enrollment secret for the identity being registered
-          --id.type string                 Type of identity being registered (e.g. 'peer, app, user') (default "user")
+          --id.type string                 Type of identity being registered (e.g. 'peer, app, user') (default "client")
       -M, --mspdir string                  Membership Service Provider directory (default "msp")
       -m, --myhost string                  Hostname to include in the certificate signing request during enrollment (default "$HOSTNAME")
       -a, --revoke.aki string              AKI (Authority Key Identifier) of the certificate to be revoked

docs/source/clientconfig.rst

@@ -50,7 +50,7 @@ Fabric-CA Client's Configuration File
     # Membership Service Provider (MSP) directory
     # This is useful when the client is used to enroll a peer or orderer, so
     # that the enrollment artifacts are stored in the format expected by MSP.
-    mspdir:
+    mspdir: msp
     
     #############################################################################
     #    TLS section for secure socket connection
@@ -70,29 +70,38 @@ Fabric-CA Client's Configuration File
         keyfile:
     
     #############################################################################
-    #  Certificate Signing Request section for generating the CSR for
-    #  an enrollment certificate (ECert)
+    #  Certificate Signing Request section for generating the CSR for an
+    #  enrollment certificate (ECert)
     #
     #  cn - Used by CAs to determine which domain the certificate is to be generated for
+    #
+    #  serialnumber - The serialnumber field, if specified, becomes part of the issued
+    #     certificate's DN (Distinguished Name).  For example, one use case for this is
+    #     a company with its own CA (Certificate Authority) which issues certificates
+    #     to its employees and wants to include the employee's serial number in the DN
+    #     of its issued certificates.
+    #     WARNING: The serialnumber field should not be confused with the certificate's
+    #     serial number which is set by the CA but is not a component of the
+    #     certificate's DN.
+    #
     #  names -  A list of name objects. Each name object should contain at least one
-    #  "C", "L", "O", "OU", or "ST" value (or any combination of these). These values are:
-    #      "C": country
-    #      "L": locality or municipality (such as city or town name)
-    #      "O": organisation
-    #      "OU": organisational unit, such as the department responsible for owning the key;
-    #      it can also be used for a "Doing Business As" (DBS) name
-    #      "ST": the state or province
-    #  hosts - A list of space-separated host names which the certificate should be valid for
+    #    "C", "L", "O", or "ST" value (or any combination of these) where these
+    #    are abbreviations for the following:
+    #        "C": country
+    #        "L": locality or municipality (such as city or town name)
+    #        "O": organization
+    #        "OU": organizational unit, such as the department responsible for owning the key;
+    #         it can also be used for a "Doing Business As" (DBS) name
+    #        "ST": the state or province
+    #
+    #    Note that the "OU" or organizational units of an ECert are always set according
+    #    to the values of the identities type and affiliation. OUs are calculated for an enroll
+    #    as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
+    #    of type "client" with an affiliation of "org1.dept2.team3" would have the following
+    #    organizational units: OU=client, OU=org1, OU=dept2, OU=team3
     #
-    #  NOTE: The serialnumber field below, if specified, becomes part of the issued
-    #  certificate's DN (Distinguished Name).  For example, one use case for this is
-    #  a company with its own CA (Certificate Authority) which issues certificates
-    #  to its employees and wants to include the employee's serial number in the DN
-    #  of its issued certificates.
+    #  hosts - A list of host names for which the certificate should be valid
     #
-    #  WARNING: This serialnumber field should not be confused with the certificate's
-    #  serial number which is set by the CA but is not a component of the
-    #  certificate's DN.
     #############################################################################
     csr:
       cn: <<<ENROLLMENT_ID>>>
@@ -105,10 +114,6 @@ Fabric-CA Client's Configuration File
           OU: Fabric
       hosts:
         - <<<MYHOST>>>
-      ca:
-        pathlen:
-        pathlenzero:
-        expiry:
     
     #############################################################################
     #  Registration section used to register a new identity with fabric-ca server
@@ -117,17 +122,18 @@ Fabric-CA Client's Configuration File
     #  type - Type of identity being registered (e.g. 'peer, app, user')
     #  affiliation - The identity's affiliation
     #  maxenrollments - The maximum number of times the secret can be reused to enroll.
-    #                   Specially, -1 means unlimited; 0 means disabled
+    #                   Specially, -1 means unlimited; 0 means to use CA's max enrollment
+    #                   value.
     #  attributes - List of name/value pairs of attribute for identity
     #############################################################################
     id:
       name:
       type:
       affiliation:
-      maxenrollments: -1
+      maxenrollments: 0
       attributes:
-        - name:
-          value:
+       # - name:
+       #   value:
     
     #############################################################################
     #  Enrollment section used to enroll an identity with fabric-ca server