5 년 전 · 1592da921d
--- a/cmd/nebula-cert/sign.go
+++ b/cmd/nebula-cert/sign.go
@@ -36,7 +36,7 @@ func newSignFlags() *signFlags {
 
				 	sf.caCertPath = sf.set.String("ca-crt", "ca.crt", "Optional: path to the signing CA cert")
			
 
				 	sf.name = sf.set.String("name", "", "Required: name of the cert, usually a hostname")
			
 
				 	sf.ip = sf.set.String("ip", "", "Required: ip and network in CIDR notation to assign the cert")
			
 
				-	sf.duration = sf.set.Duration("duration", 0, "Required: how long the cert should be valid for. Valid time units are seconds: \"s\", minutes: \"m\", hours: \"h\"")
			
 
				+	sf.duration = sf.set.Duration("duration", 0, "Optional: how long the cert should be valid for. The default is 1 second before the signing cert expires. Valid time units are seconds: \"s\", minutes: \"m\", hours: \"h\"")
			
 
				 	sf.inPubPath = sf.set.String("in-pub", "", "Optional (if out-key not set): path to read a previously generated public key")
			
 
				 	sf.outKeyPath = sf.set.String("out-key", "", "Optional (if in-pub not set): path to write the private key to")
			
 
				 	sf.outCertPath = sf.set.String("out-crt", "", "Optional: path to write the certificate to")
			
--- a/cmd/nebula-cert/sign_test.go
+++ b/cmd/nebula-cert/sign_test.go
@@ -32,7 +32,7 @@ func Test_signHelp(t *testing.T) {
 
				 			"  -ca-key string\n"+
			
 
				 			"    \tOptional: path to the signing CA key (default \"ca.key\")\n"+
			
 
				 			"  -duration duration\n"+
			
 
				-			"    \tRequired: how long the cert should be valid for. Valid time units are seconds: \"s\", minutes: \"m\", hours: \"h\"\n"+
			
 
				+			"    \tOptional: how long the cert should be valid for. The default is 1 second before the signing cert expires. Valid time units are seconds: \"s\", minutes: \"m\", hours: \"h\"\n"+
			
 
				 			"  -groups string\n"+
			
 
				 			"    \tOptional: comma separated list of groups\n"+
			
 
				 			"  -in-pub string\n"+