@stvdilln
Created January 31, 2020 15:16
Create a Certificate Signing Request in Terraform
# Create a CSR (Certificate Signing Request)
# Behind the scenes this creates a new private key, that has signed the
# CSR. Later on, when we store the signed Intermediate Cert, that
# certificate must match the Private Key generated here.
# I don't see an obvious way to use these APIs to put an intermediate cert
# into Vault that was generated outside of Vault.
resource "vault_pki_secret_backend_intermediate_cert_request" "intermediate" {
  depends_on = [vault_mount.pki_int]
  backend    = vault_mount.pki_int.path
  #backend = vault_mount.root.path
  type = "internal"
  # This appears to be overwritten when the CA signs this cert, I'm not sure
  # of the importance of common_name here.
  common_name        = "${var.server_cert_domain} Intermediate Certificate"
  format             = "pem"
  private_key_format = "der"
  key_type           = "rsa"
  key_bits           = 4096
}
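
The two steps that follow this CSR, signing it with the root CA and storing the result on the intermediate mount, as an added example that is not part of the original gist. It assumes vault_mount.root is a PKI mount that already holds the root CA; the ttl value and the resource labels are also assumptions.

```hcl
# Added example, not from the original gist.
# Assumption: vault_mount.root is a PKI mount whose root CA is already configured.

# Sign the CSR with the root CA. The CSR carries only the public key;
# because the request above uses type = "internal", the matching private
# key stays inside the pki_int mount and is never exported.
resource "vault_pki_secret_backend_root_sign_intermediate" "intermediate" {
  backend = vault_mount.root.path
  csr     = vault_pki_secret_backend_intermediate_cert_request.intermediate.csr

  # The common_name given at signing time is the one that ends up in the
  # issued certificate, so set it here as well as on the CSR.
  common_name          = "${var.server_cert_domain} Intermediate Certificate"
  exclude_cn_from_sans = true
  format               = "pem"
  ttl                  = "43800h" # assumed lifetime (about 5 years)
}

# Store the signed certificate on the same mount that generated the CSR.
# Vault rejects a certificate whose public key does not match the private
# key created by the cert_request resource, so backend must be pki_int.
resource "vault_pki_secret_backend_intermediate_set_signed" "intermediate" {
  backend     = vault_mount.pki_int.path
  certificate = vault_pki_secret_backend_root_sign_intermediate.intermediate.certificate
}
```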