cfssl certinfo should be pipeable into cfssl genkey -
mrnetops opened this issue · comments
Mr. Netops commented
cfssl certinfo
should be pipeable into cfssl genkey -
to generate a new csr and key based off of a preexisting cert, csr or domain.
i.e.
cfssl certinfo -domain www.cloudflare.com | cfssl genkey -
This would be useful for renewals.
Currently, I end up with pretty much none of the data translating into the new csr/key
- No subject
- No san
- No matching key algorithm
cfssl certinfo
doesn't provide full key details.
i.e. no "key": { "algo": "rsa", "size": 2048 }
or equivalent
cfssl certinfo
andcfssl genkey
don't represent data the same way, nor doescfssl genkey
seem to alias or understandcfssl certinfo
data.
i.e.
cfssl certinfo
.sans vs cfssl genkey -
.hosts
cfssl certinfo
.subject (and sub-key names) vs cfssl genkey
.names (and sub-key names)
Mr. Netops commented
Tangentially related, for cfssl genkey
, why is names
an array then an object instead of just an object? When would there be multiple objects under names
?
ala
"names": [
{
"C": "US",
"L": "San Francisco",
"O": "Internet Widgets, Inc.",
"OU": "WWW",
"ST": "California"
}
]
vs
"names": {
"C": "US",
"L": "San Francisco",
"O": "Internet Widgets, Inc.",
"OU": "WWW",
"ST": "California"
}