aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli/commands/ca.rb9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 1763ba3..1e69c90 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -100,7 +100,7 @@ module LeapCli; module Commands
#
desc 'Creates a Certificate Signing Request for use in purchasing a commercial x509 certificate'
command :'init-csr' do |c|
- c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false
+ #c.switch 'sign', :desc => 'additionally creates a cert that is signed by your own CA (recommended only for testing)', :negatable => false
c.action do |global_options,options,args|
assert_config! 'provider.domain'
assert_config! 'provider.name'
@@ -135,8 +135,8 @@ module LeapCli; module Commands
# Sign using our own CA, for use in testing but hopefully not production.
# It is not that commerical CAs are so secure, it is just that signing your own certs is
# a total drag for the user because they must click through dire warnings.
- if options[:sign]
- log :generating, "x509 server certificate for testing purposes" do
+ #if options[:sign]
+ log :generating, "self-signed x509 server certificate for testing purposes" do
cert = csr.to_cert
cert.serial_number.number = cert_serial_number(manager.provider.domain)
cert.not_before = today
@@ -144,8 +144,9 @@ module LeapCli; module Commands
cert.parent = ca_root
cert.sign! test_cert_signing_profile
write_file! [:commercial_cert, manager.provider.domain], cert.to_pem
+ log "please replace this file with the real certificate you get from a CA using #{Path.relative_path([:commercial_csr, manager.provider.domain])}"
end
- end
+ #end
end
end