Unable to store certificate locally


Bogdan Bocse

Dec 19, 2016, 9:57:03 AM
to Vault

I am running Vault under Windows 7 with the following configs.

backend "file" {
  path = "vault-poc-data"
}

listener "tcp" {
  tls_disable = 1
}


After initialization and unsealing, I create the PKI backend named pki-test-01


I want to create a self-signed CA certificate for this backend so I POST to:

/pki-test-01/root/generate/internal

POST BODY:
{"common_name": "vault.poc.example.com"}

I get the error:

1 error occurred: * Unable to store certificate locally

There seems to be no restriction on file system, vault process successfully creates other files in "vault-poc-data".
What am I doing wrong?


Vishal Nayak

Dec 19, 2016, 10:50:28 AM
to vault...@googlegroups.com
Hi Bogdan,

Nothing seems wrong to me. Is this reproducible every time? Which
version of Vault is this? Just so we don't miss anything, can you post
the list of commands you used?

The error log you are seeing was not appending the actual error to the
error message. I have added it to the master branch just now.

Regards,
Vishal
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/c52d1a9f-4cb5-4735-bcd3-a93ee9d191de%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



--
vn

Bogdan Bocse

Dec 19, 2016, 11:00:44 AM
to Vault
The version:
Vault v0.6.3 ('27aff4397f6fe6cf741fbc967adf863347c0beaf+CHANGES')

I call the commands via the API:
PUT   /sys/init
PUT  /sys/unseal
POST  /sys/mounts/pki-test-01
POST /pki-test-01/root/generate/internal

The payload of the final post:
{"common_name":"vault.poc.example.com"}

Is the master branch built automatically in the downloadable binaries?
What steps do I need to take to build it?

Vishal Nayak

Dec 19, 2016, 1:13:43 PM
to vault...@googlegroups.com
Hi Bogdan,

We were able to reproduce this issue and are working on it. We'll let
you know when we have an update.

Regards,
Vishal

Bogdan Bocse

Dec 20, 2016, 3:14:43 AM
to Vault
Thank you, Vishal.

Do you have a timeline estimate?

In the meanwhile, can you suggest a workaround?

Jeff Mitchell

Dec 20, 2016, 7:34:25 AM
to vault...@googlegroups.com
Hi Bogdan,

The only workaround for this issue right now is to not run Vault on Windows.

Best, 
Jeff


Vishal Nayak

Jan 19, 2017, 9:15:00 AM
to Vault
Hi Bogdan,


Regards,
Vishal

Vishal Nayak

Jan 19, 2017, 10:13:24 AM
to vault...@googlegroups.com

Jeff Mitchell

Jan 25, 2017, 12:28:55 PM
to Vault
As an update, this unfortunately had to be rolled back. An updated fix may make it into 0.6.5, or may come in 0.7.

Best,
Jeff