Skip to content

Instantly share code, notes, and snippets.

@therandomsecurityguy
Created June 22, 2017 15:08
Show Gist options
  • Save therandomsecurityguy/b6e538f085f24e79f649ecb5632fedbe to your computer and use it in GitHub Desktop.
Save therandomsecurityguy/b6e538f085f24e79f649ecb5632fedbe to your computer and use it in GitHub Desktop.

Vault PKI Root and Intermediate Certificates

Root Certificate

vault mount -path=pki-root pki

vault mount-tune -max-lease-ttl=87600h pki-root

# This will write a json file to the filesystem.
vault write -format=json pki-root/root/generate/exported \
  common_name=example.com \
  ttl=87600h \
	> root-exported.json

# Extract the key and ca
cat root-exported.json | jq -r '.data.certificate,.data.private_key' > intermediate.pem

Intermediate Certificate

vault mount -path=pki-services pki

vault mount-tune -max-lease-ttl=87600h pki-services

cat intermediate.pem | vault write pki-services/config/ca pem_bundle=-

vault write pki-services/roles/services \
  allow_bare_domains=true \
  allowed_domains="example.com" \
  allow_subdomains="true" \
  max_ttl="72h"

vault write pki-services/issue/services \
  common_name=www.example.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment