In inventories with multiple domains, the defaults result in debops-pki generating certificates that are invalid (do not fulfil the Name Constraints) whenever a certificate for a non-preferred domain is issued.
I hereby recommend adding name_constraints to the Useful global parameters section, where debops-pki users are pointed to the full variable documentation and discussion.
In inventories with multiple domains, the defaults result in
debops-pkigenerating certificates that are invalid (do not fulfil the Name Constraints) whenever a certificate for a non-preferred domain is issued.I hereby recommend adding
name_constraintsto theUseful global parameterssection, wheredebops-pkiusers are pointed to the full variable documentation and discussion.