easy-rsa icon indicating copy to clipboard operation
easy-rsa copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

init-pki: Option SOFT, keep certificate signing requests

Open TinCanTech opened this issue 2 years ago • 2 comments

This allows a new CA to sign certificates "in the field".

TinCanTech avatar Apr 19 '23 01:04 TinCanTech

No matter how you renew a CA, this still requires that the client update their certificates.

However, all of the updates required here are public data and can be shared openly.

TinCanTech avatar Apr 19 '23 01:04 TinCanTech

The idea of keeping CSR's is good but I think this may be better as (yet another) option:

  • eg: easyrsa init-pki rebuild-pki

This is intended for use by a new CA, to sign valid certifcates "in the field".

The command above could simply be: easyrsa rebuild-pki

TinCanTech avatar Apr 19 '23 12:04 TinCanTech