remove --subject-format from documentation/tutorials
mathiasertl committed Dec 29, 2024
1 parent 1e42e91 commit 75bc303
Showing 13 changed files with 31 additions and 34 deletions.
3 changes: 0 additions & 3 deletions devscripts/validation/docker_compose.py
Expand Up @@ -73,7 +73,6 @@ def _sign_cert(container: str, ca: str, csr: str, **kwargs: Any) -> str:
container,
"sign_cert",
f"--ca={ca}",
"--subject-format=rfc4514",
f"--subject=CN={subject}",
input=csr.encode("ascii"),
compose_args=["-T"],
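Review bot: ``_sign_cert`` now passes only ``f"--subject=CN={subject}"``, so this validation script depends on whatever subject format the image under test applies by default. The commit message scopes the change to documentation/tutorials, but ``devscripts/validation/docker_compose.py`` is a test harness, not a tutorial. Either keep the explicit ``--subject-format=rfc4514`` here or have the script check the subject of the issued certificate, so that a change in the default surfaces as a failed validation rather than a differently parsed name. If the option is being retired, say so in the commit message.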
Expand Down Expand Up @@ -537,7 +536,6 @@ def test_acme(release: str, image: str) -> int:
"backend",
"init_ca",
"--path-length=1",
"--subject-format=rfc4514",
"Root",
"CN=Root",
env=environ,
Expand All @@ -548,7 +546,6 @@ def test_acme(release: str, image: str) -> int:
"--acme-enable",
"--parent=Root",
"--path=ca/shared",
"--subject-format=rfc4514",
"Child",
"CN=Child",
env=environ,
22 changes: 11 additions & 11 deletions docs/source/cli/cas.rst
Expand Up @@ -48,8 +48,8 @@ that has ACMEv2 enabled, simply use:

.. code-block:: console
$ python manage.py init_ca --path-length=1 --subject-format=rfc4514 Root CN=Root
$ python manage.py init_ca --parent=Root --acme-enable --subject-format=rfc4514 Intermediate CN=Intermediate
$ python manage.py init_ca --path-length=1 Root CN=Root
$ python manage.py init_ca --parent=Root --acme-enable Intermediate CN=Intermediate
.. NOTE::

Expand Down Expand Up @@ -321,19 +321,19 @@ add it by default.

This option must be given `after` the mandatory ``name`` and ``subject`` arguments::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCa CN=example.com --key-usage ...
$ python manage.py init_ca NameOfCa CN=example.com --key-usage ...

The option has a variable number of values and parsing the command-line would not be unambiguous otherwise.

The extension can be added using the ``--extended-key-usage`` option. Valid values are given by the values of
the :py:attr:`~django_ca.constants.EXTENDED_KEY_USAGE_NAMES` mapping. For example::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCa CN=example.com --extended-key-usage clientAuth serverAuth
$ python manage.py init_ca NameOfCa CN=example.com --extended-key-usage clientAuth serverAuth

If you need to add OIDs not understood by **django-ca**, you can also pass any valid OID as a dotted string
instead. In this example, the OID for ``serverAuth`` is used::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCa CN=example.com --extended-key-usage 1.3.6.1.5.5.7.3.1
$ python manage.py init_ca NameOfCa CN=example.com --extended-key-usage 1.3.6.1.5.5.7.3.1

Inhibit anyPolicy
-----------------
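Review bot: The first example in this hunk still ends in ``--key-usage ...``, while the paragraph right after it documents ``--extended-key-usage``. Since the line is being edited anyway, change it to ``--extended-key-usage ...`` so the "must be given after name and subject" example shows the option this part of the page describes.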
Expand Down Expand Up @@ -372,7 +372,7 @@ certificate authorities.

This option must be given `after` the mandatory ``name`` and ``subject`` arguments::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCa CN=example.com --key-usage ...
$ python manage.py init_ca NameOfCa CN=example.com --key-usage ...

The option has a variable number of values and parsing the command-line would not be unambiguous otherwise.

Expand All @@ -381,7 +381,7 @@ not append to) the default, so you have to name the default values as well. Vali
values of the :py:attr:`~django_ca.constants.KEY_USAGE_NAMES` mapping. For example, to also set the
`digitalSignature` flag::

$ python manage.py init_ca --subject-format=rfc4514 Name CN=example.com \
$ python manage.py init_ca Name CN=example.com \
> --key-usage keyCertSign cRLSign digitalSignature \
> ...

Expand Down Expand Up @@ -445,7 +445,7 @@ certificate authority to include at least the same features. This is not commonl

This option must be given `after` the mandatory ``name`` and ``subject`` arguments::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCa CN=example.com --key-usage ...
$ python manage.py init_ca NameOfCa CN=example.com --key-usage ...

The option has a variable number of values and parsing the command-line would not be unambiguous otherwise.

Expand All @@ -454,7 +454,7 @@ any certificate signed by it (or any intermediate CA) will also have to set ``st

You can set the TLS Feature extension with ``--tls-feature``::

$ python manage.py init_ca --subject-format=rfc4514 NameOfCA CN=example.com --tls-feature status_request ...
$ python manage.py init_ca NameOfCA CN=example.com --tls-feature status_request ...

.. _cli_cas_string_formatting:

Expand All @@ -477,7 +477,7 @@ Authority Information Access extension, but also specifies a second URI that inc
> --ca-issuer http://example.com/{CA_ISSUER_PATH} \
> --ca-issuer http://ca-issuer.example.com/{SERIAL}/ \
> --parent 00:11:22... \
> --subject-format=rfc4514 \
> \
> NameOfCA CN=example.com

The following variables are available:
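Review bot: The replacement for ``> --subject-format=rfc4514 \`` is a bare ``> \`` continuation line, which leaves an empty line in the middle of the rendered command. Delete the line instead, so that ``> --parent 00:11:22... \`` is followed directly by ``> NameOfCA CN=example.com``.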
Expand Down Expand Up @@ -520,7 +520,7 @@ Here is a shell session that illustrates the respective :command:`manage.py` com
> --crl-url=http://ca.example.com/crl \
> --ocsp-url=http://ocsp.ca.example.com \
> --issuer-url=http://ca.example.com/ca.crt \
> --subject-format=rfc4514 \
> \
> TestCA C=AT,L=Vienna,L=Vienna,O=Example,OU=ExampleUnit,CN=ca.example.com
$ python manage.py list_cas
BD:5B:AB:5B:A2:1C:49:0D:9A:B2:AA:BC:68:ED:ED:7D - TestCA
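Review bot: A bare ``> \`` line is left where ``> --subject-format=rfc4514 \`` used to be, directly before ``> TestCA ...``; remove it rather than keeping an empty continuation. While this example is open, the subject reads ``C=AT,L=Vienna,L=Vienna,O=Example,...`` with ``L`` given twice; if the first one was meant to be ``ST=Vienna``, fix it in the same change.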
6 changes: 3 additions & 3 deletions docs/source/cli/certs.rst
Expand Up @@ -90,7 +90,7 @@ that these two will give the same CommonName and ``SubjectAlternativeName``:

.. code-block:: console
$ python manage.py sign_cert --subject-format=rfc4514 --subject C=AT,...,CN=example.com
$ python manage.py sign_cert --subject C=AT,...,CN=example.com
$ python manage.py sign_cert --alt example.com
A given CommonName is only added to the ``SubjectAlternativeName`` extension if it is a valid :ref:`name
Expand All @@ -105,7 +105,7 @@ You can also disable adding the CommonName as ``subjectAlternativeName``:

.. code-block:: console
$ python manage.py sign_cert --cn-not-in-san --subject-format=rfc4514 --subject C=AT,...,CN=example.com --alt=example.net
$ python manage.py sign_cert --cn-not-in-san --subject C=AT,...,CN=example.com --alt=example.net
... this will only have "example.net" but not example.com as ``subjectAlternativeName``.

Expand All @@ -117,7 +117,7 @@ in :manpage:`ASN1_GENERATE_NCONF(3SSL)`:

.. code-block:: console
$ python manage.py sign_cert --subject-format=rfc4514 --subject CN=example.com --alt="otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[email protected]"
$ python manage.py sign_cert --subject CN=example.com --alt="otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[email protected]"
Note that currently only UTF8 strings are supported.

6 changes: 3 additions & 3 deletions docs/source/cli/intro.rst
Expand Up @@ -101,15 +101,15 @@ to create a certificate authority with a country, organization and common name i

.. code-block:: console
$ python manage.py init_ca --subject-format=rfc4514 \
$ python manage.py init_ca \
> NameOfCA C=AT,O=MyOrg,CN=ca.example.com
... but you can also use more special fields named in :py:attr:`~django_ca.constants.NAME_OID_NAMES`, e.g. a
more verbose common name and an email address:

.. code-block:: console
$ python manage.py init_ca --subject-format=rfc4514 \
$ python manage.py init_ca \
> NameOfCA C=AT,O=MyOrg,commonName=ca.example.com,[email protected]
As defined in RFC 4514, you can also use dotted strings to name arbitrary attributes. This example uses the
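Review bot: With the option gone, both examples in this hunk are ``$ python manage.py init_ca \`` followed by a single ``> NameOfCA ...`` line, so the line continuation no longer serves a purpose. Join each command onto one line; the continuation only existed to make room for ``--subject-format=rfc4514``.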
Expand All @@ -119,7 +119,7 @@ valid dotted string could be used as well):

.. code-block:: console
$ python manage.py init_ca --subject-format=rfc4514 \
$ python manage.py init_ca \
> NameOfCA C=AT,organizationName=MyOrg,2.5.4.3=ca.example.com
4 changes: 2 additions & 2 deletions docs/source/dev/acme.rst
Expand Up @@ -36,9 +36,9 @@ be used to retrieve certificates. The DNS of setup so that the CA can be reached
$ docker compose exec backend manage createsuperuser
...
$ docker compose exec backend manage init_ca \
> --path-length=1 --subject-format=rfc4514 Root CN=Root
> --path-length=1 Root CN=Root
$ docker compose exec backend manage init_ca --path-length=0 --path=ca/shared/ \
> --parent=Root --acme-enable --subject-format=rfc4514 Intermediate CN=Intermediate
> --parent=Root --acme-enable Intermediate CN=Intermediate

After that, you can login to the web interface at http://localhost/admin/ to view progress.

4 changes: 2 additions & 2 deletions docs/source/include/create-user.rst.jinja
Expand Up @@ -11,8 +11,8 @@ the admin interface) and create a root and intermediate CA:

{% filter wordwrap(width=90, wrapstring=" \\\n > ", break_on_hyphens=False) %}root@host:{{ path|default('~') }}# {{ manage }} createsuperuser{% endfilter %}
...
{% filter wordwrap(width=90, wrapstring=" \\\n > ", break_on_hyphens=False) %}root@host:{{ path|default('~') }}# {{ manage }} init_ca --path-length=1 --subject-format=rfc4514 Root "CN=Root"{% endfilter %}
{% filter wordwrap(width=90, wrapstring=" \\\n > ", break_on_hyphens=False) %}root@host:{{ path|default('~') }}# {{ manage }} init_ca {% if shared %}--path=ca/shared/ {% endif %} --acme-enable --parent="Root" --subject-format=rfc4514 Intermediate "CN=Intermediate"{% endfilter %}
{% filter wordwrap(width=90, wrapstring=" \\\n > ", break_on_hyphens=False) %}root@host:{{ path|default('~') }}# {{ manage }} init_ca --path-length=1 Root "CN=Root"{% endfilter %}
{% filter wordwrap(width=90, wrapstring=" \\\n > ", break_on_hyphens=False) %}root@host:{{ path|default('~') }}# {{ manage }} init_ca {% if shared %}--path=ca/shared/ {% endif %} --acme-enable --parent="Root" Intermediate "CN=Intermediate"{% endfilter %}
{% endif %}

There are a few things to break down in the above commands:
4 changes: 2 additions & 2 deletions docs/source/include/quickstart_with_docker/setup-cas.yaml
Expand Up @@ -5,5 +5,5 @@ commands:
wait_for:
- command: docker exec -it backend nc -z {{ postgres_host }} 5432
- command: docker exec -it -e PGPASSWORD={{ postgres_password }} backend psql -U postgres -h {{ postgres_host }} -p 5432 postgres -c "SELECT count(*) from auth_user"
- command: docker exec -it backend manage init_ca --path-length=1 --subject-format=rfc4514 Root "CN=Root CA"
- command: docker exec -it backend manage init_ca --path=ca/shared/ --parent="Root CA" --subject-format=rfc4514 Intermediate "CN=Intermediate CA"
- command: docker exec -it backend manage init_ca --path-length=1 Root "CN=Root CA"
- command: docker exec -it backend manage init_ca --path=ca/shared/ --parent="Root CA" Intermediate "CN=Intermediate CA"
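Review bot: The edited intermediate CA command still passes ``--parent="Root CA"``, but the line above creates the root with the name ``Root`` and only the subject ``CN=Root CA``. The other examples in this commit refer to the parent by name (``--parent=Root``). Please confirm that ``"Root CA"`` resolves to the intended CA in this quickstart, or change it to ``--parent=Root`` while the line is being touched.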
@@ -1,5 +1,5 @@
commands:
- command: docker compose exec backend manage createsuperuser
run: docker compose exec backend manage shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('user', '[email protected]', 'nopass')"
- command: docker compose exec backend manage init_ca --path-length=1 --subject-format=rfc4514 Root CN=Root
- command: docker compose exec backend manage init_ca --path=ca/shared/ --parent=Root --subject-format=rfc4514 Intermediate CN=Intermediate
- command: docker compose exec backend manage init_ca --path-length=1 Root CN=Root
- command: docker compose exec backend manage init_ca --path=ca/shared/ --parent=Root Intermediate CN=Intermediate
@@ -1,5 +1,5 @@
commands:
- command: docker compose exec {% if validation %}-T {% endif %}backend manage sign_cert --ca=Intermediate --subject-format=rfc4514 --subject="CN=example.com"
- command: docker compose exec {% if validation %}-T {% endif %}backend manage sign_cert --ca=Intermediate --subject="CN=example.com"
input: "{{ csr }}"
display_output: |
Please paste the CSR:
Expand Up @@ -2,5 +2,5 @@ commands:
- command: openssl genrsa -out example.com.key 4096
display_output: Generating RSA private key, ...
- command: openssl req -new -key example.com.key -out example.com.csr -utf8 -batch -subj /CN=example.com
- command: '{% if sphinx %}cat example.com.csr | {% endif %}docker compose exec -T backend manage sign_cert --ca=Intermediate --subject-format=rfc4514 --subject="CN=example.com"'
- command: '{% if sphinx %}cat example.com.csr | {% endif %}docker compose exec -T backend manage sign_cert --ca=Intermediate --subject="CN=example.com"'
input_file: example.com.csr
2 changes: 1 addition & 1 deletion docs/source/ocsp.rst
Expand Up @@ -70,7 +70,7 @@ properties. Luckily, **django-ca** has a profile predefined for you:
$ openssl genrsa -out ocsp.key 4096
$ openssl req -new -key ocsp.key -out ocsp.csr -utf8 -batch
$ python manage.py sign_cert --csr=ocsp.csr --out=ocsp.pem \
> --subject-format=rfc4514 --subject CN=ocsp.example.com --ocsp
> --subject CN=ocsp.example.com --ocsp
.. WARNING::

4 changes: 2 additions & 2 deletions docs/source/profiles.rst
Expand Up @@ -217,13 +217,13 @@ with explicitly given values taking precedence. For example, given the following

.. code-block:: console
$ manage.py sign_cert --subject-format rfc4514 --subject "CN=example.com" ...
$ manage.py sign_cert --subject "CN=example.com" ...
will give the certificate a subject of ``C=AT,ST=Vienna,CN=example.com``. If you sign with

.. code-block:: console
$ manage.py sign_cert --subject-format rfc4514 --subject "ST=Styria,L=Graz,CN=graz.example.com" ...
$ manage.py sign_cert --subject "ST=Styria,L=Graz,CN=graz.example.com" ...
you will get ``C=AT,ST=Styria,L=Graz,CN=graz.example.com`` as a subject.

2 changes: 1 addition & 1 deletion docs/source/quickstart/from_source.rst
Expand Up @@ -251,7 +251,7 @@ Create a private/public key pair for NGINX to use:
root@host:~# openssl genrsa -out /etc/ssl/$HOSTNAME.key 4096
root@host:~# openssl req -new -key /etc/ssl/$HOSTNAME.key -out /tmp/ca.csr -utf8 -batch
root@host:~# django-ca sign_cert --ca=Intermediate --csr=/tmp/ca.csr --bundle --webserver --subject-format=rfc4514 --subject CN=$HOSTNAME \
root@host:~# django-ca sign_cert --ca=Intermediate --csr=/tmp/ca.csr --bundle --webserver --subject CN=$HOSTNAME \
> > /etc/ssl/$HOSTNAME.pem
Create DH parameters:
