From 3a24b3bf49c988cd734020226464aee6f7bb7572 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 17 Nov 2012 01:29:37 -0800 Subject: always generate self-signed provider cert, but include a note that it should be written over. --- lib/leap_cli/commands/ca.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/leap_cli') diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb index 1763ba3..1e69c90 100644 --- a/lib/leap_cli/commands/ca.rb +++ b/lib/leap_cli/commands/ca.rb @@ -100,7 +100,7 @@ module LeapCli; module Commands # desc 'Creates a Certificate Signing Request for use in purchasing a commercial x509 certificate' command :'init-csr' do |c| - c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false + #c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false c.action do |global_options,options,args| assert_config! 'provider.domain' assert_config! 'provider.name' @@ -135,8 +135,8 @@ module LeapCli; module Commands # Sign using our own CA, for use in testing but hopefully not production. # It is not that commerical CAs are so secure, it is just that signing your own certs is # a total drag for the user because they must click through dire warnings. - if options[:sign] - log :generating, "x509 server certificate for testing purposes" do + #if options[:sign] + log :generating, "self-signed x509 server certificate for testing purposes" do cert = csr.to_cert cert.serial_number.number = cert_serial_number(manager.provider.domain) cert.not_before = today @@ -144,8 +144,9 @@ module LeapCli; module Commands cert.parent = ca_root cert.sign! test_cert_signing_profile write_file! [:commercial_cert, manager.provider.domain], cert.to_pem + log "please replace this file with the real certificate you get from a CA using #{Path.relative_path([:commercial_csr, manager.provider.domain])}" end - end + #end end end -- cgit v1.2.3