cloudflare / cfssl

CFSSL: Cloudflare's PKI and TLS toolkit

Home Page:https://cfssl.org/

cfssl certinfo should be pipeable into cfssl genkey -

mrnetops opened this issue · comments

cfssl certinfo should be pipeable into cfssl genkey - to generate a new csr and key based off of a preexisting cert, csr or domain.

i.e.

    cfssl certinfo -domain www.cloudflare.com | cfssl genkey -

This would be useful for renewals.

Currently, I end up with pretty much none of the data translating into the new csr/key

  • No subject
  • No san
  • No matching key algorithm
  1. cfssl certinfo doesn't provide full key details.

i.e. no "key": { "algo": "rsa", "size": 2048 } or equivalent

  2. cfssl certinfo and cfssl genkey don't represent data the same way, nor does cfssl genkey seem to alias or understand cfssl certinfo data.

i.e.
cfssl certinfo .sans vs cfssl genkey - .hosts
cfssl certinfo .subject (and sub-key names) vs cfssl genkey .names (and sub-key names)

Tangentially related, for cfssl genkey, why is names an array then an object instead of just an object? When would there be multiple objects under names?

ala

    "names": [
        {
            "C":  "US",
            "L":  "San Francisco",
            "O":  "Internet Widgets, Inc.",
            "OU": "WWW",
            "ST": "California"
        }
    ]

vs

    "names": {
        "C":  "US",
        "L":  "San Francisco",
        "O":  "Internet Widgets, Inc.",
        "OU": "WWW",
        "ST": "California"
    }
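
A sketch of the translation the issue asks for, added here as an example and not part of cfssl or the original post: it maps certinfo JSON onto the CSR JSON that `cfssl genkey` reads. The certinfo subject key names (`common_name`, `country`, `province`, `locality`, `organization`, `organizational_unit`) and the function name `certinfo_to_csr` are assumptions to check against your cfssl version; the key algorithm and size are passed in explicitly because certinfo output carries no key details.

```python
import json
import sys

# Assumed certinfo subject keys -> CSR "names" keys (verify against your cfssl version).
SUBJECT_TO_NAMES = {
    "country": "C",
    "province": "ST",
    "locality": "L",
    "organization": "O",
    "organizational_unit": "OU",
}

# Constructed sample input, not real certinfo output for any host.
SAMPLE = {
    "subject": {
        "common_name": "www.example.com",
        "country": "US",
        "province": "California",
        "locality": "San Francisco",
        "organization": "Internet Widgets, Inc.",
        "organizational_unit": "WWW",
    },
    "sans": ["www.example.com", "example.com", "www.example.com"],
    "sigalg": "SHA256WithRSA",
}


def certinfo_to_csr(info, key_algo, key_size):
    """Build a CSR request dict from parsed `cfssl certinfo` output."""
    subject = info.get("subject") or {}
    name = {dst: subject[src] for src, dst in SUBJECT_TO_NAMES.items() if subject.get(src)}
    # Keep SAN order, drop duplicates.
    hosts = list(dict.fromkeys(info.get("sans") or []))
    cn = subject.get("common_name", "")
    if not cn and not hosts:
        raise ValueError("certinfo has neither a common name nor SANs")
    # "sigalg" is ignored on purpose: it describes the issuer's signature,
    # not the subject's key, so the caller chooses the key parameters.
    csr = {"hosts": hosts, "key": {"algo": key_algo, "size": key_size}}
    if cn:
        csr["CN"] = cn
    if name:
        csr["names"] = [name]  # genkey expects a list of name objects
    return csr


if __name__ == "__main__":
    info = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    json.dump(certinfo_to_csr(info, "rsa", 2048), sys.stdout, indent=2)
```

Saved as a script, this sits between the two commands in the pipeline from the issue, reading certinfo JSON on stdin and writing CSR JSON on stdout.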