Certstrap issues

From UVOO Tech Wiki
It would be nice to have a --subject option in order to have complete control over the common name, which is limited by the assumptions of --common-name.

Example

certstrap init --key-bits=4096 --passphrase "fooo" --common-name "foo, DC = example, DC = com" --exclude-path-length
openssl x509 --text -in out/foo\,_DC_\=_example\,_DC_\=_com.crt | grep "Subject: CN"

returns

Subject: CN = "foo, DC = example, DC = com"

instead of Subject: CN = foo, DC = example, DC = com

OpenSSL will allow you to do this with

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout a.key -out a.crt -subj "/DC=com/DC=example/CN=foo"

This might be nitpicky, but there are times when it is nice not to have certstrap adding quotes or automatically prefixing CN.
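
The difference between the two subjects above can be checked at the attribute level. The following Go program is an added example, not certstrap's code and not from the original page: it self-signs two throwaway certificates with the standard library and lists the attributes stored in each subject. The names stuffedCN, structured and subjectRDNs are assumptions made for this illustration. The quoted output corresponds to a single CN attribute whose value contains commas, while the openssl -subj form stores three separate attributes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidCN = asn1.ObjectIdentifier{2, 5, 4, 3}                       // commonName
var oidDC = asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 25} // domainComponent

// Constructed inputs: the --common-name string from the page, and the DN a --subject flag would need to build.
var stuffedCN = pkix.Name{CommonName: "foo, DC = example, DC = com"}
var structured = pkix.Name{ExtraNames: []pkix.AttributeTypeAndValue{
	{Type: oidDC, Value: "com"}, {Type: oidDC, Value: "example"}, {Type: oidCN, Value: "foo"}}}

// subjectRDNs self-signs a throwaway cert for name, parses it back, and returns one "OID=value" per subject attribute.
func subjectRDNs(name pkix.Name) ([]string, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: name,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	var rdns []string
	for _, atv := range cert.Subject.Names {
		rdns = append(rdns, fmt.Sprintf("%s=%v", atv.Type, atv.Value))
	}
	return rdns, nil
}

func main() {
	for _, n := range []pkix.Name{stuffedCN, structured} {
		fmt.Println(subjectRDNs(n))
	}
}
```

Anything that matches on DC components, such as directory lookups or name constraints, sees none in the first certificate, because the whole string is the value of one CN attribute.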