fix creating simple certificatesHEADmaster

Creating CAs requires the CALength to be set to a specific value. But
with normal certificates, 99% of the use case, this is not needed.
By setting it to -1 by default, the flag will become ignored for all
signatures apart from CAs.

1 files changed, 2 insertions, 2 deletions

diff --git a/create_cert.go b/create_cert.go
index c49e953..56ec4ca 100644
--- a/create_cert.go
+++ b/create_cert.go
@@ -56,7 +56,7 @@ func CreateCert(args []string) error {
 		flagOutput        string
 	)
 	fs := flag.NewFlagSet("pkictl create-cert", flag.ExitOnError)
-	fs.StringVar(&flagPrivate, "private-key", "", "the private key to generate the request")
+	fs.StringVar(&flagPrivate, "private-key", "", "the private key of the CA signing the certificate")
 	fs.StringVar(&flagCSR, "sign-request", "", "the certificate sign request")
 	fs.StringVar(&flagOutput, "output", "stdout", "path to the output file (default stdout)")
 	fs.BoolVar(&flagIsCA, "is-ca", false, "is the result a CA - when true ca is ignored")
@@ -64,7 +64,7 @@ func CreateCert(args []string) error {
 	fs.StringVar(&flagKeyUsage, "key-usage", "", "comma separated list of key usages")
 	fs.Var(&flagKeyExtUsage, "key-ext-usage", "comma separated list of further usages")
 	fs.Int64Var(&flagSerial, "serial", 0, "the serial for the issued certificate")
-	fs.IntVar(&flagLength, "length", 0, "the number of sub CAs allowed (-1 equals no limit)")
+	fs.IntVar(&flagLength, "length", -1, "the number of sub CAs allowed (-1 equals no limit)")
 	fs.StringVar(&flagCA, "ca", "", "path to the CA certificate")
 	fs.StringVar(
 		&flagNotBefore,