Document why we are not passing the config to cfssl serve

pvarki · Feb 11, 2024 · 60142f5 · 60142f5
1 parent bcae192
commit 60142f5
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/files/cfssl-start.sh b/files/cfssl-start.sh
@@ -16,7 +16,9 @@ cfssl serve -address=$CFSSL_BIND_ADDRESS -port $CFSSL_BIND_PORT \
   -responder="${RUN_OCSP_CERT}" -responder-key="${RUN_OCSP_KEY}" \
   -int-bundle "${RUN_INTER_CA}" -ca-bundle "${RUN_CA}" \
   -loglevel 0
-
+# If we give this config to serve we get [WARNING] failed to sign request: {"code":5100,"message":"Invalid policy: no key usage available"}
+# But when we use it at CLI it works fine. WTF....
+#   -config "${RUN_CA_CFSSL_CONF}" \
 
 #
 # Exit/restart/crash