C:\Users\issacg\vlt-test2>vault mount -path ca pki
Successfully mounted 'pki' at 'ca'!
C:\Users\issacg\vlt-test2>vault mount -path int pki
Successfully mounted 'pki' at 'int'!
C:\Users\issacg\vlt-test2>vault write ca/root/generate/internal common_name=ca ttl=24h
Key Value
lease_id ca/root/generate/internal/207e3f59-c007-92a5-1c19-a4bdc207142b
lease_duration 86399
lease_renewable false
certificate -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
expiration 1.451494054e+09
issuing_ca -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
serial_number 5e:b5:ed:8c:c7:78:f5:ec:21:9d:95:6a:57:0a:52:60:10:f2:7d:69
C:\Users\issacg\vlt-test2>notepad ca.crt
C:\Users\issacg\vlt-test2>vault write int/intermediate/generate/internal common_name=int
Key Value
csr -----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
C:\Users\issacg\vlt-test2>notepad int.csr
C:\Users\issacg\vlt-test2>vault write ca/root/sign-intermediate csr=@int.csr use_csr_values=true ttl=23h
Key Value
lease_id ca/root/sign-intermediate/69e4011b-8658-799c-5df6-e5ea980b374c
lease_duration 82799
lease_renewable false
certificate -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
expiration 1.451490507e+09
issuing_ca -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
serial_number 32:71:e1:4e:6a:66:4b:d8:b0:61:d8:23:12:26:61:fd:fd:79:fb:e5
C:\Users\issacg\vlt-test2>notepad int.ca
C:\Users\issacg\vlt-test2>vault write int/intermediate/set-signed certificate=@int.ca
Success! Data written to: int/intermediate/set-signed
C:\Users\issacg\vlt-test2>vault write int/roles/example.com allowed_domains="example.com" allow_subdomains=true
Success! Data written to: int/roles/example.com
C:\Users\issacg\vlt-test2>vault write int/issue/example.com common_name=test.example.com ttl=22h
Key Value
lease_id int/issue/example.com/b45a908c-a271-3ae5-8267-6b4595611e09
lease_duration 79199
lease_renewable false
certificate -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
issuing_ca -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
private_key -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
private_key_type rsa
serial_number 5e:65:fe:50:cb:4c:85:29:ab:db:65:41:36:51:e2:6c:11:1b:05:3e
C:\Users\issacg\vlt-test2>notepad cert.key
C:\Users\issacg\vlt-test2>notepad cert.crt
C:\Users\issacg\vlt-test2>notepad int.ca
C:\Users\issacg\vlt-test2>notepad ca.crt
C:\Users\issacg\vlt-test2>\openssl\bin\openssl.exe s_client -connect test.example.com:8201 -CAfile ca.crt
Loading 'screen' into random state - done
CONNECTED(000001CC)
depth=2 CN = ca
verify return:1
depth=1 CN = int
verify return:1
depth=0 CN = test.example.com
verify return:1
---
Certificate chain
0 s:/CN=test.example.com
i:/CN=int
1 s:/CN=int
i:/CN=ca
2 s:/CN=ca
i:/CN=ca
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/CN=test.example.com
issuer=/CN=int
---
No client certificate CA names sent
---
SSL handshake has read 3159 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 4190911973A94A3FA800345279A740282C4CAF11A6069DA7045715C730D01107
Session-ID-ctx:
Master-Key: CA2AFE3ECB09CB641A3AE7E906D3DE66009A5352234E798B009E767C13C9C3BF1714BBB3DBD9F86E7DB7A275B658270A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
Start Time: 1451407846
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=10093
C:\Users\issacg\vlt-test2>\openssl\bin\openssl.exe x509 -noout -purpose -in int.ca
Certificate purposes:
SSL client : Yes
SSL client CA : Yes
SSL server : Yes
SSL server CA : Yes
Netscape SSL server : Yes
Netscape SSL server CA : Yes
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : Yes
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : Yes
Time Stamp signing : No
Time Stamp signing CA : Yes
C:\Users\issacg>set VAULT_ADDR=http://127.0.0.1:8200
C:\Users\issacg>mkdir vlt-test
C:\Users\issacg>cd vlt-test
C:\Users\issacg\vlt-test>vault mounts
Path Type Default TTL Max TTL Description
cubbyhole/ cubbyhole n/a n/a per-token private secret storage
secret/ generic system system generic secret storage
sys/ system n/a n/a system endpoints used for control, policy and debugging
C:\Users\issacg\vlt-test>vault mount -path ca pki
Successfully mounted 'pki' at 'ca'!
C:\Users\issacg\vlt-test>vault mount -path int pki
Successfully mounted 'pki' at 'int'!
C:\Users\issacg\vlt-test>vault write ca/root/generate/internal common_name=ca ttl=24h
Key Value
lease_id ca/root/generate/internal/c21bfd8f-050d-c556-44e7-3db0a6cc7cfa
lease_duration 86399
lease_renewable false
certificate -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
expiration 1.451492281e+09
issuing_ca -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
serial_number 2e:33:1f:f2:36:25:d6:cb:a0:df:81:e7:fc:65:09:3a:30:88:0b:e7
C:\Users\issacg\vlt-test>notepad ca.crt
C:\Users\issacg\vlt-test>vault write int/intermediate/generate/internal common_name=int
Key Value
csr -----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
C:\Users\issacg\vlt-test>notepad int.csr
C:\Users\issacg\vlt-test>vault write ca/root/sign-intermediate csr=@int.csr use_csr_values=true ttl=23h
Key Value
lease_id ca/root/sign-intermediate/3ba73013-ba72-79cb-5528-07d060ffa32f
lease_duration 82799
lease_renewable false
certificate -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
expiration 1.451488795e+09
issuing_ca -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
serial_number 28:11:19:ad:3b:ae:19:da:72:07:ba:ff:3c:45:ab:5c:28:d1:d5:f8
C:\Users\issacg\vlt-test>notepad int.ca
C:\Users\issacg\vlt-test>vault write int/intermediate/set-signed certificate=@int.ca
Success! Data written to: int/intermediate/set-signed
C:\Users\issacg\vlt-test>vault write int/roles/example.com allowed_domains="example.com" allow_subdomains=true
Success! Data written to: int/roles/example.com
C:\Users\issacg\vlt-test>vault write int/issue/example.com common_name=test.example.com ttl=22h
Key Value
lease_id int/issue/example.com/c8cf38f6-3fbf-ac85-9976-ad1b446403e0
lease_duration 79199
lease_renewable false
certificate -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
issuing_ca -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
private_key -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
private_key_type rsa
serial_number 51:74:da:cf:79:4d:bd:27:03:17:d5:93:0a:97:99:1d:0b:e3:fe:ea
C:\Users\issacg\vlt-test>
C:\Users\issacg\vlt-test>notepad cert.key
C:\Users\issacg\vlt-test>notepad cert.crt
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe s_client -connect test.example.com:8201
Loading 'screen' into random state - done
CONNECTED(000001F4)
depth=2 CN = ca
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/CN=test.example.com
i:/CN=int
1 s:/CN=int
i:/CN=ca
2 s:/CN=ca
i:/CN=ca
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/CN=test.example.com
issuer=/CN=int
---
No client certificate CA names sent
---
SSL handshake has read 3119 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: DFD493C524E6CA9AFA21ACEECBB614A3A2258E8C5ADF73DDDABBBC29D5FD63AA
Session-ID-ctx:
Master-Key: CD0A15BE4EE87600232AA7536AE425439EDD793673933B8D6C1649AAF376B44981335A130729FFA95320CFBF7A2C936F
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
Start Time: 1451406510
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=10093
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe s_client -connect test.example.com:8201 -CAfile ca.crt
Loading 'screen' into random state - done
CONNECTED(000001EC)
depth=1 CN = int
verify error:num=26:unsupported certificate purpose
verify return:0
---
Certificate chain
0 s:/CN=test.example.com
i:/CN=int
1 s:/CN=int
i:/CN=ca
2 s:/CN=ca
i:/CN=ca
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/CN=test.example.com
issuer=/CN=int
---
No client certificate CA names sent
---
SSL handshake has read 3119 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 7BA9E5C5CD890267423CD0715AC8B8348E84006B3162AA402BBF08CD902C5CC5
Session-ID-ctx:
Master-Key: C62C12D42134FDEF9E1038A0DDE37A4A7D60A0300A464A79D8455C9AC79252A4C578F14B0A5C57054871C289FE2DD4FA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
Start Time: 1451406519
Timeout : 300 (sec)
Verify return code: 26 (unsupported certificate purpose)
---
read:errno=10093
C:\Users\issacg\vlt-test>\openssl\bin\openssl.exe x509 -noout -purpose -in int.ca
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : Yes
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : Yes
Time Stamp signing : No
Time Stamp signing CA : Yes