vaultapi client fails with x509: certificate signed by unknown authority


paul.car...@gmail.com

Feb 3, 2017, 6:34:56 AM
to Vault

I've started Vault using the docker image and can communicate with it using curl, but my Go program that tries to use the vaultapi client fails.

Anyone know what I'm doing wrong? My Go program is:

package main

import (
    "fmt"
    "log"

    vaultapi "github.com/hashicorp/vault/api"
)

// VaultClient builds a client from an explicitly constructed config.
// Because a config is passed in, NewClient does not pick up VAULT_ADDR or
// VAULT_CACERT from the environment (see the replies below).
func VaultClient() *vaultapi.Client {
    config := vaultapi.DefaultConfig()
    client, err := vaultapi.NewClient(config)
    if err != nil {
        log.Fatal(err)
    }
    return client
}

// vault queries the server's initialisation status; with no CA configured,
// the TLS handshake fails here because the listener certificate's issuer is not trusted.
func vault() {
    client := VaultClient()
    status, err := client.Sys().InitStatus()
    if err != nil {
        log.Fatal(err)
    }
    fmt.Print(status)
}

func main() {
    vault()
}

I ran the following commands

$ docker stop vault
vault
$ docker rm vault
vault
$
$ docker run -d -p 8200:8200 -v /etc/vault:/etc/vault -v /opt/vault:/opt/vault -v /usr/share/ca-certificates/extra:/etc/ssl/certs:ro -e VAULT_CACERT=appliance-ca.crt -e VAULT_CAPATH=/etc/ssl/certs --name vault vault server -config /etc/vault/vault.config -log-level=trace
7a0c6ef3433a365b29abfaf3abb5aa7a1cf987f64cc1c222da94eafe7e077572
$ sleep 1
$ docker logs --details vault
 Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
 ==> Vault server configuration:
 
                  Backend: file
                      Cgo: disabled
               Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "", tls: "enabled")
                Log Level: trace
                    Mlock: supported: true, enabled: false
                  Version: Vault v0.6.4
              Version Sha: f4adc7fa960ed8e828f94bc6785bcdbae8d1b263
 
 ==> Vault server started! Log data will stream in below:
 
 2017/02/03 11:23:51.738658 [TRACE] physical/cache: creating LRU cache: size=32768
 2017/02/03 11:23:51.739509 [TRACE] cluster listener addresses synthesized: cluster_addresses=[0.0.0.0:8201]
$
$ export pki_backend=appliance
$ export ip=192.168.16.101
$ export endpoint=https://$ip:8200
$ export VAULT_ADDR=$endpoint
$ export VAULT_CACERT=/home/pcarlton/src/github.hpe.com/ncs-dev-env/certs/appliance-ca.crt
$ export no_proxy="--noproxy $ip"
$ export ca="--cacert $VAULT_CACERT"
$
$ curl --cacert certs/appliance-ca.crt -s $no_proxy -d '{"secret_shares": 5, "secret_threshold": 3}' -X PUT $endpoint/v1/sys/init | python -m json.tool
{
    "keys": [
        "45924d9bd1143699b2df79cb9fbe2f1e9c96d08a9b1a5f4fda1eed9cf95268d601",
        "9dcae250f4a573ee7acfac0047fa19501d6cfd02872eef65158e5c914182a0d402",
        "a0dfd5046ce859a6ed2655d3ebdd27ff32e9a6116e2a8a558caf90c6666b993d03",
        "e39aa43646392e25281fe18a07ebcace194e4a76739ef7b808a70e829224927a04",
        "de8f9362de74046dbff61859abccf46136cb11659a9a92889186c2d5b5cdab9305"
    ],
    "keys_base64": [
        "RZJNm9EUNpmy33nLn74vHpyW0IqbGl9P2h7tnPlSaNYB",
        "ncriUPSlc+56z6wAR/oZUB1s/QKHLu9lFY5ckUGCoNQC",
        "oN/VBGzoWabtJlXT690n/zLpphFuKopVjK+QxmZrmT0D",
        "45qkNkY5LiUoH+GKB+vKzhlOSnZznve4CKcOgpIkknoE",
        "3o+TYt50BG2/9hhZq8z0YTbLEWWampKIkYbC1bXNq5MF"
    ],
    "root_token": "6753c606-6b5a-a53c-96d9-34860f9fb244"
}
$ env | grep VAULT
VAULT_CLIENT_CERT=
VAULT_ADDR=https://192.168.16.101:8200
VAULT_CLIENT_KEY=
VAULT_CACERT=/home/pcarlton/src/github.hpe.com/ncs-dev-env/certs/appliance-ca.crt
VAULT_TOKEN=31f7df27-b02c-1a0f-6e59-973333e6837c
$ go run cert-mgr/cert-mgr.go
Get https://192.168.16.101:8200/v1/sys/init: x509: certificate signed by unknown authority
exit status 1

Thanks

paul.car...@gmail.com

Feb 3, 2017, 8:23:37 AM
to Vault

Ah, I think I spotted it: I passed in a config, so from my reading of client.go it did not read environment variables.

Jeff Mitchell

Feb 3, 2017, 8:54:51 AM
to vault...@googlegroups.com
Hi Paul,

That sounds correct; specified configs override env vars, which are read earlier in the process.

Best,
Jeff



paul.car...@gmail.com

Feb 7, 2017, 12:33:57 PM
to Vault
Jeff

I get further with the verbatim approach now

ERROR: 2017/02/07 17:24:26 cert-mgr.go:301: Error making API request.

URL: PUT https://192.168.16.101:8200/v1/appliance/sign-verbatim/certs
Code: 400. Errors:

* the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true

However, my CSR does have a CN...

curl $curl_opts -s $endpoint/v1/$pki_backend/roles/certs | python -m json.tool
{
    "auth": null,
    "data": {
        "allow_any_name": true,
        "allow_bare_domains": false,
        "allow_base_domain": false,
        "allow_ip_sans": true,
        "allow_localhost": true,
        "allow_subdomains": false,
        "allow_token_displayname": false,
        "allowed_domains": "",
        "client_flag": true,
        "code_signing_flag": false,
        "email_protection_flag": false,
        "enforce_hostnames": true,
        "key_bits": 4096,
        "key_type": "rsa",
        "key_usage": "DigitalSignature,KeyAgreement,KeyEncipherment",
        "max_ttl": "8760h0m0s",
        "server_flag": false,
        "ttl": "876h0m0s",
        "use_csr_common_name": true
    },
    "lease_duration": 0,
    "lease_id": "",
    "renewable": false,
    "request_id": "49b8f2b0-0403-9679-4298-d3996472c85c",
    "warnings": null,
    "wrap_info": null
}
pcarlton@ncs-dev1:~/src/github.hpe.com/ncs-dev-env$ openssl req -text -in /tmp/csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: O=HPE, OU=SDCG, OU=NCS, OU=dev-env, CN=test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption

Will try the CLI commands for the server_flag issues to see if it works that way. Thanks.

Jeff Mitchell

Feb 8, 2017, 4:57:48 PM
to vault...@googlegroups.com
"* the common_name field is required, or must be provided in a CSR with "use_csr_common_name" set to true

However my csr does have a CN..."

This should work properly in 0.6.5, which was released yesterday.

Best,
Jeff


Carlton, Paul

Feb 9, 2017, 6:04:44 AM
to vault...@googlegroups.com

Jeff

Thanks, that did the trick!
From: vault...@googlegroups.com <vault...@googlegroups.com> on behalf of Jeff Mitchell <je...@hashicorp.com>
Sent: 08 February 2017 21:57:26
To: vault...@googlegroups.com
Subject: Re: [vault] Re: vaultapi client fails with x509: certificate signed by unknown authority