Allow complete customization of common name with new switch
jeremybusk opened this issue
First, this is an excellent project. Thank you!
However, it would be nice to have a --subject option in order to have complete control over the common name, which is limited by the assumptions of --common-name.
Example
certstrap init --key-bits=4096 --passphrase "fooo" --common-name "foo, DC = example, DC = com" --exclude-path-length
openssl x509 --text -in out/foo\,_DC_\=_example\,_DC_\=_com.crt | grep "Subject: CN"
returns
Subject: CN = "foo, DC = example, DC = com"
instead of
Subject: CN = foo, DC = example, DC = com
OpenSSL will allow you to do this with
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout a.key -out a.crt -subj "/DC=com/DC=example/CN=foo"
This might be nitty, but there are times it is nice to not have certstrap adding quotes or auto-prefixing CN.
Maybe there is a reason for controlling CN as full control causes more issues with the file auto format. I'm still playing around with it but it would appear init and request-cert seem to create different auto out file formats when using "=" and "," in the CN.
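The difference between the two subjects above, as an added Go example (not certstrap's code and not part of the original issue): a string placed in the common name stays one CN attribute whose commas are escaped on display, while an OpenSSL-style subject string is split into one RDN per component. `cnOnly`, `parseSubject` and `rdnCount` are hypothetical helpers, and only CN and DC are handled.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"strings"
)

// Attribute type OIDs: commonName (2.5.4.3) and domainComponent.
var oids = map[string]asn1.ObjectIdentifier{
	"CN": {2, 5, 4, 3},
	"DC": {0, 9, 2342, 19200300, 100, 1, 25},
}

// cnOnly (hypothetical) models a tool that puts the whole input into the CN.
func cnOnly(cn string) pkix.Name { return pkix.Name{CommonName: cn} }

// parseSubject (hypothetical) turns "/DC=com/DC=example/CN=foo" into a
// pkix.Name with one RDN per component, in the order given. Narrowed to
// CN and DC, no escaped "/" in values. Go encodes these string values as
// PrintableString/UTF8String; DC is conventionally an IA5String.
func parseSubject(subj string) (pkix.Name, error) {
	var name pkix.Name
	for _, part := range strings.Split(strings.TrimPrefix(subj, "/"), "/") {
		key, val, ok := strings.Cut(part, "=")
		oid, known := oids[strings.ToUpper(strings.TrimSpace(key))]
		if !ok || !known || val == "" {
			return name, fmt.Errorf("unsupported subject component %q", part)
		}
		name.ExtraNames = append(name.ExtraNames,
			pkix.AttributeTypeAndValue{Type: oid, Value: val})
	}
	return name, nil
}

// rdnCount reports how many RDNs the name encodes to in the certificate.
func rdnCount(n pkix.Name) int { return len(n.ToRDNSequence()) }

func main() {
	single := cnOnly("foo, DC = example, DC = com")
	fmt.Println(rdnCount(single), single.String())
	multi, err := parseSubject("/DC=com/DC=example/CN=foo")
	if err != nil {
		panic(err)
	}
	fmt.Println(rdnCount(multi), multi.String())
}
```

Anything that matches on the subject DN (directory lookups, access rules keyed on DC components) sees these as different names, so the single-CN form does not substitute for the multi-RDN one.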