Sans #71
Sans #71
Conversation
* examples * modify WithHosts to add only if missing * add a new claim to step provisioning tokens
|
I will remove the dep on 'sans' branch of certificates before merging (update the dependency and run dep ensure). Just wanted it for testing. |
Codecov Report
@@ Coverage Diff @@
## master #71 +/- ##
=========================================
Coverage ? 68.28%
=========================================
Files ? 58
Lines ? 7778
Branches ? 0
=========================================
Hits ? 5311
Misses ? 2102
Partials ? 365
Continue to review full report at Codecov.
|
command/ca/certificate.go
Outdated
| @@ -27,7 +27,8 @@ func newCertificateCommand() cli.Command { | |||
| Usage: "generate a new private key and certificate signed by the root certificate", | |||
| UsageText: `**step ca certificate** <hostname> <crt-file> <key-file> | |||
There was a problem hiding this comment.
<hostname> here should be common name, and only should be treated as hostname if no --san are given
There was a problem hiding this comment.
Change the definition of <hostname> in ##POSITIONAL ARGUMENTS
There was a problem hiding this comment.
At least we should discuss if subject should be a hostname or just the common name if --san is provided
command/ca/token.go
Outdated
| @@ -243,6 +266,7 @@ func generateToken(sub, kid, iss, aud, root string, notBefore, notAfter time.Tim | |||
| if len(root) > 0 { | |||
| tokOptions = append(tokOptions, token.WithRootCA(root)) | |||
| } | |||
| tokOptions = append(tokOptions, token.WithSANS(appendIfMissing(sans, sub))) | |||
There was a problem hiding this comment.
See previous comments about sub == cn and sans
* hostname -> common name
command/ca/certificate.go
Outdated
| @@ -25,16 +25,18 @@ func newCertificateCommand() cli.Command { | |||
| Name: "certificate", | |||
| Action: command.ActionFunc(newCertificateAction), | |||
| Usage: "generate a new private key and certificate signed by the root certificate", | |||
| UsageText: `**step ca certificate** <hostname> <crt-file> <key-file> | |||
| UsageText: `**step ca certificate** <common-name> <crt-file> <key-file> | |||
There was a problem hiding this comment.
For consistency with step ca token let's call this <subject>
* travis trying to use go modules
Add SAN support to
step certificate createandstep ca certificateCurrently the CLI does not support adding Subject Alternative Names. The user can provide one cmd line arg which doubles as a Common Name and the only subject alternative name (in
step certificate createit is not duplicated in the SANs).This PR adds the ability to configure SANs from the cli. If no SANs are configured then:
step ca certificatewill duplicate the cmd line arg as both a subject common name and the only SAN.step certificate createwill use the cmd line arg as a subject common name and have no SANs.If at least one SAN is configured (via the cmd line) then only those SANs which are explicitly configured will be set.