TinCanTech
TinCanTech
If the private key is in the PKI then all is good. If the private key is not in the PKI then the owner of the key must create a...
> 1. There is not a canonical renew function that uses the old key I have a patch which introduces `renew-req`, which creates a new request with the original key....
> Any CA should be able to sign any CSR OK. I cannot think of any instances where EasyRSA has not been able to sign a CSR.
FTR, while I generally agree with this discussion about CA/sub-CA, I do not accept that EasyRSA `renew` should be how it is done or even discussed. EasyRSA `renew` only deals...
Re-opening for follow up discussion regarding `renew-req` command. #616
@dekeonus Your comments do not belong on this thread. Please start a new issue. ~~Your comments here **will be deleted**.~~
@dekeonus Please start your thread and refer to it here as a linked URL. Then please, stop bombing other issues. If you wish to discuss other options then we are...
@dekeonus You can open as many **_new_ issues** as you need to. __
Summary: - `renew` builds a new certificate and key, this will not change. - `renew-req` creates a new request from an existing key. `v3.1.1+` only.
`easyrsa` has never been **strictly** POSIX because doing so would require dropping support for Windows. Eg: `cleanup()` and to a lesser extent `hide_read_pass()` To a larger extent, _**aiming** for POSIX...