However, it would be nice to have a --subject option in order to have complete control over the common name that is limited by assumptions of --common-name
Example
certstrap init --key-bits=4096 --passphrase "fooo" --common-name "foo, DC = example, DC = com" --exclude-path-length
openssl x509 --text -in out/foo\,_DC_\=_example\,_DC_\=_com.crt | grep "Subject: CN"
returns
Subject: CN = "foo, DC = example, DC = com"
instead of
Subject: CN = foo, DC = example, DC = com
This might be nitty but there are times it is nice to not have certstrap adding quotes or auto prefixing CN
Maybe there is a reason for controlling CN as full control causes more issues with the file auto format. I'm still playing around with it but it would appear init and request-cert seem to create different auto out file formats when using "=" and "," in the CN.
First, this is an excellent project. Thank you!
However, it would be nice to have a --subject option in order to have complete control over the common name that is limited by assumptions of --common-name
Example
returns
instead of Subject: CN = foo, DC = example, DC = com
OpenSSL will allow you to do this with
This might be nitty but there are times it is nice to not have certstrap adding quotes or auto prefixing CN
Maybe there is a reason for controlling CN as full control causes more issues with the file auto format. I'm still playing around with it but it would appear init and request-cert seem to create different auto out file formats when using "=" and "," in the CN.