In inventories with multiple domains, the defaults result in debops-pki generating certificates that are invalid (do not fulfil the Name Constraints) whenever a certificate for a non-preferred domain is issued.
I hereby recommend adding name_constraints to the Useful global parameters section, where debops-pki users are pointed to the full variable documentation and discussion.
In inventories with multiple domains, the defaults result in
debops-pki
generating certificates that are invalid (do not fulfil the Name Constraints) whenever a certificate for a non-preferred domain is issued.I hereby recommend adding
name_constraints
to theUseful global parameters
section, wheredebops-pki
users are pointed to the full variable documentation and discussion.