On Mar 24, 2017, at 1:17 PM, A.L.M.Buxey@lboro.ac.uk wrote: given that the script creates CA and server cert only valid for 30 days its hardly ready for production.
those who want to use the provided scripts to start up their own proper system would normally edit a few values - CA and server lifetime values..
Yes.
now, assuming that they populate the fields correctly, what are the errors/issues with the provided bootstrap (lots of work has gone into keeping them relevant) - the CA:False etc , migration to SHA methods, better DH etc have all been done. IIRC the only things missing are CRLDP and SubjectAlternativeName , correct?
Pretty much. Some integration with LDAP may be useful, but that quickly devolves into lots of complexity. Alan DeKok.