Created
January 31, 2020 15:18
-
-
Save stvdilln/f984aaf19beaa527d3b539565045017c to your computer and use it in GitHub Desktop.
Asking a Vault Certificate to sign a Certificate Signing Request.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Have the Root CA Sign our CSR | |
| resource "vault_pki_secret_backend_root_sign_intermediate" "intermediate" { | |
| depends_on = [ vault_pki_secret_backend_intermediate_cert_request.intermediate, vault_pki_secret_backend_config_ca.ca_config ] | |
| backend = vault_mount.root.path | |
| csr = vault_pki_secret_backend_intermediate_cert_request.intermediate.csr | |
| common_name = "${var.server_cert_domain} Intermediate Certificate" | |
| exclude_cn_from_sans = true | |
| ou = "Development" | |
| organization = "mydomain.com" | |
| # Note that I am asking for 8 years here, since the vault_mount.root has a max_lease_ttl of 5 years | |
| # this 8 year request is shortened to 5. | |
| ttl = 252288000 #8 years | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment