[docs]: usage of 'ca token' unclear #1065
Description
Hello!
- Vote on this issue by adding a 👍 reaction
- If you want to document this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Affected area/feature
Re: step ca token
(1) The help text states that --not-after and --not-before are used for the certificate validity. After (running into this and) looking into command/ca/token.go I found that these flags are for the token validity, not the certificate.
(2) --cert-not-after and --cert-not-before are described as This flag is only supported on SSH certificates. But I found no evidence in command/ca/token.go or in utils/cautils that this is true – it seems to work both for ssh and non-ssh tokens. Also, if it only applied to ssh certs, dedicated non-ssh cert options would be missing.