+-b COMMON_NAME By default, use CONFIG_NAME. If the cert already exists
+ on the server, with the CLIENT_NAME name, we use the
+ existing one. See comment below if we ever want to
+ check existing common names. They must be unique per
+ server, so you can use $(uuidgen) if needed. You used
+ to be able to create multiple with the same name, but
+ not connect at the same time, but now, the generator
+ keeps track, so you can't generate.
+-c CLIENT_HOST default is localhost. Else we ssh to root@CLIENT_HOST