Update docs, clarify some language.

Closes #310

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Eric F Crist 2020-01-11 15:55:59 -06:00
commit a52aab9638
No known key found for this signature in database
GPG Key ID: 72964219390D0D0E
3 changed files with 11 additions and 7 deletions

@ -2,7 +2,7 @@
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms,
this means to create a root certificate authority, and request and sign
certificates, including sub-CAs and certificate revocation lists (CRL).
certificates, including intermediate CAs and certificate revocation lists (CRL).
# Downloads

@ -191,7 +191,9 @@ Using Easy-RSA as a CA
* client - A TLS client, suitable for a VPN user or web browser (web client)
* server - A TLS server, suitable for a VPN or web server
* ca - A subordinate CA, used when chaining multiple CAs together
* ca - A intermediate CA, used when chaining multiple CAs together
./easyrsa sign-req <type> nameOfRequest
Additional types of certs may be defined by local sites as needed; see the
advanced documentation for details.
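Review bot: grammar in the changed `ca` bullet: "A intermediate CA" should read "An intermediate CA". This is user-facing documentation, so it is worth fixing before merge.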

@ -74,7 +74,8 @@ cmd_help() {
Creates a new CA"
opts="
nopass - do not encrypt the CA key (default is encrypted)
subca - create a sub-CA keypair and request (default is a root CA)" ;;
subca - create an intermediate CA keypair and request (default is a root CA)
intca - alias to the above" ;;
gen-dh) text="
gen-dh
Generates DH (Diffie-Hellman) parameters" ;;
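Review bot: the new `intca` line in the "Creates a new CA" help text says only "alias to the above", which does not tell the user which keyword is preferred now that the description itself says "intermediate CA". Consider listing the two together on one line (for example `subca | intca - create an intermediate CA keypair and request`) or stating explicitly that `subca` is kept for compatibility.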
@ -228,7 +229,7 @@ Certificate & Request options: (these impact cert/req field values)
--dn-mode=MODE : DN mode to use (cn_only or org)
--keysize=# : size in bits of keypair to generate
--req-cn=NAME : default CN to use
--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used
--subca-len=# : path length of signed intermediate CA certs; must be >= 0 if used
--subject-alt-name : Add a subjectAltName. For more info and syntax, see:
./easyrsa help altname
--use-algo=ALG : crypto alg to use: choose rsa (default) or ec
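Review bot: the option is still named `--subca-len` while its description now says "intermediate CA", and although `build_ca()` gains an `intca` keyword in this commit, no matching alias is added for this flag. Either accept an `--intca-len` spelling as well or note in the help text that the `subca` name is retained, so the terminology is consistent across the CLI. The reworded line is also noticeably longer than its neighbours; check that it still fits the help output width.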
@ -567,6 +568,7 @@ build_ca() {
crypto="-aes256"
while [ -n "$1" ]; do
case "$1" in
intca) sub_ca=1 ;;
subca) sub_ca=1 ;;
nopass) nopass=1 ;;
*) warn "Ignoring unknown command option: '$1'" ;;
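Review bot: the added `intca) sub_ca=1 ;;` arm duplicates the `subca` arm directly below it. Fold them into a single pattern, `intca|subca) sub_ca=1 ;;`, so the two keywords cannot drift apart if the action is ever changed.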
@ -577,7 +579,7 @@ build_ca() {
verify_pki_init
[ "$EASYRSA_ALGO" = "ec" ] && verify_curve
# setup for the simpler sub-CA situation and overwrite with root-CA if needed:
# setup for the simpler intermediate CA situation and overwrite with root-CA if needed:
out_file="$EASYRSA_PKI/reqs/ca.req"
out_key="$EASYRSA_PKI/private/ca.key"
if [ ! $sub_ca ]; then
@ -591,7 +593,7 @@ build_ca() {
Unable to create a CA as you already seem to have one set up.
If you intended to start a new CA, run init-pki first."
fi
# If a private key exists here, a sub-ca was created but not signed.
# If a private key exists here, a intermediate ca was created but not signed.
# Notify the user and require a signed ca.crt or a init-pki:
[ -f "$out_key" ] && \
die "\
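Review bot: grammar and capitalisation in the changed comment: "a intermediate ca was created" should read "an intermediate CA was created", matching the "intermediate CA" spelling used in the other comments and messages this commit touches.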
@ -670,7 +672,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
# Success messages
if [ $sub_ca ]; then
notice "\
NOTE: Your sub-CA request is at $out_file
NOTE: Your intermediate CA request is at $out_file
and now must be sent to your parent CA for signing. Place your resulting cert
at $EASYRSA_PKI/ca.crt prior to signing operations.
"