Changeset - 9b7abc96e6fa
Branko Majic (branko) - 6 years ago 2018-03-21 21:21:12
branko@majic.rs
GC-19: Added documentation for the --update-dns-names server option:

- Updated CLI help examples.
- Added documentation for the server command describing the
--update-dns-names option
- Fixed invalid documentation for server and client commands that
states the existing artifacts will be overwritten.
2 files changed with 25 insertions and 5 deletions:
docs/usage.rst
 
@@ -175,9 +175,6 @@ The command will:
 
- Issue a certificate associated with the generated private key using
 
  the leaf CA (the one deepest in hierachy).
 

	
 
Rerunning the command will overwrite existing private key and
 
certificate without warning.
 

	
 
Resulting private keys and certificates are stored within directory
 
``.gimmecert/server/``. Private key naming convention is
 
``NAME.key.pem``, while certificates are stored as
 
@@ -197,6 +194,22 @@ Key usage and extended key usage in certificate are set typical TLS
 
server use (e.g. *digital signature* + *key encipherment* for KU, and
 
*TLS WWW server authentication* for EKU).
 

	
 
Rerunning the command will not overwrite existing data. However, if
 
you made a mistake with additional DNS subject alternative names, you
 
can easily fix this with the ``--update-dns-names`` option::
 

	
 
  # Replace existing additional names.
 
  gimmecert server --update-dns-names myserver correctname.example.com
 

	
 
  # Remove additional names altogether.
 
  gimmecert server --update-dns-names myserver
 

	
 
The ``--update-dns-command`` will keep the private key intact - only
 
the certificate will be renewed. If you haven't issued any certificate
 
for this server entity before, though, the option is ignored, and the
 
command behaves as if it was not specified (so you still get a private
 
key and certificate).
 

	
 

	
 
Issuing client certificates
 
---------------------------
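Review bot: The paragraph after the two examples names the option ``--update-dns-command``, but the option introduced in the preceding sentence and used in both examples is ``--update-dns-names``; rename it and add the noun, for example "The ``--update-dns-names`` option will keep the private key intact". Since the new text opens with "Rerunning the command will not overwrite existing data", it is also worth saying explicitly that the renewed certificate replaces the stored one, so the two statements do not read as contradictory.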
 
@@ -212,8 +225,7 @@ The command will:
 
- Issue a certificate associated with the generated private key using
 
  the leaf CA (the one deepest in hierachy).
 

	
 
Rerunning the command will overwrite existing private key and
 
certificate without warning.
 
Rerunning the command will not overwrite existing data.
 

	
 
Resulting private keys and certificates are stored within directory
 
``.gimmecert/client/``. Private key naming convention is
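Review bot: The replacement sentence "Rerunning the command will not overwrite existing data." in the client section does not say what a rerun does instead, or how to get a new certificate for an existing client entity. The server section now points the reader at ``--update-dns-names`` for that case; add a sentence here describing the outcome of a rerun and what the user has to do to reissue.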
gimmecert/cli.py
 
@@ -50,6 +50,14 @@ Examples:
 

	
 
    # Issue a TLS client certificate.
 
    gimmecert client myclient
 

	
 
    # Renew a TLS server certificate with updated DNS subject alternative names. Keeps the private key if any.
 
    gimmecert server myserver wrongdns.local
 
    gimmecert server --update-dns-names myserver correctdns1.local correctdns2.local
 

	
 
    # Renew a TLS server certificate removing extra DNS subject alternative names. Keeps the private key if any.
 
    gimmecert server myserver dontneedthisname.local
 
    gimmecert server myserver --update-dns-names
 
"""
 

	
 

	
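Review bot: The two new help examples place the option differently: the first uses ``gimmecert server --update-dns-names myserver correctdns1.local correctdns2.local``, the second ``gimmecert server myserver --update-dns-names``, while docs/usage.rst uses the option-first form for both cases. Pick one ordering and use it in both places so the help text and the documentation agree. The comments also say "Keeps the private key if any" without mentioning that the option is ignored when no certificate exists yet, which usage.rst does state; a short pointer to that behaviour would keep the two consistent.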