Created
January 31, 2020 15:16
Create a Certificate Signing Request in Terraform
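# Create a CSR (Certificate Signing Request) for the intermediate CA.
# Behind the scenes this creates a new private key, which signs the CSR.
# Later on, when we store the signed Intermediate Cert, that certificate
# must match the Private Key generated here.
# I don't see an obvious way to use these APIs to put an intermediate cert
# into vault that was generated outside of vault.
# NOTE(review): the provider's vault_pki_secret_backend_config_ca resource
# accepts a PEM bundle (certificate plus private key) for that case. The key
# then passes through Terraform configuration and state, so both would have
# to be protected as secrets.
resource "vault_pki_secret_backend_intermediate_cert_request" "intermediate" {
  # Referencing vault_mount.pki_int.path already orders this resource after
  # the mount, so an explicit depends_on is not needed.
  backend = vault_mount.pki_int.path
  #backend = vault_mount.root.path

  # "internal" keeps the generated private key inside Vault; it is not
  # returned in the response. With "exported" the key would be returned and
  # stored in plaintext in the Terraform state.
  type = "internal"

  # This appears to be overwritten when the CA signs this cert, I'm not sure
  # the importance of common_name here.
  # NOTE(review): the signing step is not shown here. If it uses
  # vault_pki_secret_backend_root_sign_intermediate, the subject presumably
  # comes from that resource's own common_name unless use_csr_values is set;
  # confirm against the signing configuration.
  common_name = "${var.server_cert_domain} Intermediate Certificate"

  format = "pem"

  # Only describes how a returned private key is encoded; with
  # type = "internal" no key is returned, so this should have no visible
  # effect. TODO confirm.
  private_key_format = "der"

  key_type = "rsa"
  # A number rather than the string "4096"; Terraform converted the string
  # implicitly, so the resulting key size is unchanged.
  key_bits = 4096
}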