acmetool
The certificate combinatorial craziness configuration consideration
This follows on from #107. Different daemons desire diverging designs of DER digests. DNSSEC digression: DANE discordantly demands delivery of directorate dossiers during document dissemination.
certificate
intermediate
root
certificate, intermediate, root
certificate, intermediate
intermediate, root
privkey, certificate
privkey, intermediate
privkey, root
privkey, certificate, intermediate, root
privkey, certificate, intermediate
privkey, intermediate, root
Define data dumping designation?
:+1: for this. LMAO xD (sorry for not providing anything substantial)
:grin: issue text :grin:
I personally would like it if all combinations mentioned above are always written in files named:
priv
cert
intr
root
cert+intr
cert+intr+root
priv+cert+intr+root
…
(or alternatively the unabbreviated version, or with a dash instead of a plus sign)
Don't forget about dhparams! ;)
I think it's fine to just provide what we have now (priv, cert, chain, fullchain), plus the necessary hooks to let application-specific hookscripts provide whatever else the application needs.
In general, I'd rather not have acmetool making a bunch of copies of my private key. Ideally, it should not even expect to be able to read a private key once it's been generated. Private keys might be stored in hardware, or on another machine, or on the same machine but restricted via selinux policies.
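One way a hook script could build the non-key combinations named in this thread (such as `cert+intr`) while refusing any spec that includes the private key. This is an added example, not acmetool's code or any commenter's; the source directory layout (files named `cert`, `chain`, `root`) and the function names `component_file` and `assemble_bundle` are assumptions.

```shell
#!/bin/sh
# Added example: build a combined PEM file from a spec such as "cert+intr".
# Assumed layout (not taken from acmetool): SRC_DIR holds one PEM file per
# component, named cert, chain (the intermediates) and optionally root.

# Map a component name from the thread's naming scheme to a source file name.
component_file() {
    case "$1" in
        cert) echo cert ;;
        intr) echo chain ;;
        root) echo root ;;
        *)    return 1 ;;   # includes "priv": key material is never copied
    esac
}

# assemble_bundle SRC_DIR SPEC OUT_DIR
# Writes OUT_DIR/SPEC containing the components in the order given by SPEC.
# Returns 2 for a refused or empty spec, 3 for a missing component file.
assemble_bundle() {
    src=$1 spec=$2 out=$3
    [ -n "$spec" ] || return 2
    # mktemp creates the file with mode 0600 in the target directory,
    # so the final rename is atomic and readers never see a partial bundle.
    tmp=$(mktemp "$out/.bundle.XXXXXX") || return 1
    rest=$spec
    while [ -n "$rest" ]; do
        part=${rest%%+*}
        if [ "$part" = "$rest" ]; then rest=; else rest=${rest#*+}; fi
        f=$(component_file "$part") || {
            echo "refusing component '$part' in '$spec'" >&2
            rm -f "$tmp"; return 2
        }
        [ -r "$src/$f" ] || {
            echo "missing $src/$f" >&2
            rm -f "$tmp"; return 3
        }
        cat "$src/$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    # Certificates are public, so the result can be world-readable.
    chmod 0644 "$tmp" && mv -f "$tmp" "$out/$spec"
}
```
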
@dlitz Created #136.