Open allthingsclowd opened 4 years ago
@allthingsclowd thank you for spotting this! You are absolutely correct, the documentation https://www.consul.io/docs/commands/tls/ca.html is wrong. Domain is supported and it is part of the filename of the CA and the key. It would be great to document that since the CA will also have a constraint on that domain name: https://github.com/hashicorp/consul/blob/5a6e602b86224a5179ba6f30a1771396bc14de9b/tlsutil/generate.go#L65-L68.
Would you like to create a PR or should I take care of this?
Hi Team,
I may just be interpreting the documentation incorrectly, apologies if that's the case. The documentation for the
consul tls
helper function for creating consul pki certificates implies that a filename prefix can be added as follows:Usage: consul tls ca create [filename-prefix] [options]
sourceHowever when I try using a filename prefix of bananas, it's ignored:
Looking at the code it appears the the filename prefix is actually taken by reading the
-domain
flag sourceAnd by testing I get the desired result:
If the code is correct I think that it may be clearer to remove the
[filename-prefix]
from the usage examples and just update the options section for-domain
to mention this is also used as the prefix for the generated files?Thank you.