TinCanTech
TinCanTech
Superseded-by: #1096
> Hi, when signing a csr the confirmation screen shows different SAN entries than the final certificate will contain. > > E.g. `./easyrsa --san="ipaddress:127.0.0.1" --san="DNS:localhost.localdomain" sign-req server myCSR` > >...
This seems to be a left-over from some obscure, early incantation of SAN as an `easyrsa` option. The idea that a `LF`, **inside** an option that `easyrsa` intends passing to...
`TLDR;` Global options: `--passin`, `--passout` **Build CA**: Both options MUST be set to the same passphrase. easyrsa --passin=pass:EASYRSA --passout=pass:EASYRSA build-ca **`Build-*-full`**: Gets more interesting ..
With `build-*-full`, `--passin` is the CA passphrase, while `--passout` is the new key passphrase.
With `set-pass`, `--passin` is the current key passphrase, while `--passout` is the new key passphrase.
This PR potentially supersedes #439
Requires thorough testing. The signed cert. output-file could be named after the new `commonName`, which would require that `revoke` and `renew` either not fail for a missing request file or...
Linking: #1087 #1089
I am considering making `comply` be default and having an **opt-out** option. Linking: #1089