Loading helm/vault-job/vault-intermediate-cert.yaml +16 −2 Original line number Diff line number Diff line Loading @@ -24,7 +24,7 @@ data: # to execute the next commands in vault # otherwise, if use the vault as dev's mode. Just # type the token's dev. export VAULT_TOKEN="hvs.uep34a8lgUyMd0YzaNHWv72O" export VAULT_TOKEN=read-vault cat > ca_intermediate.crt << EOF -----BEGIN CERTIFICATE----- Loading Loading @@ -79,6 +79,20 @@ data: # Import the existing intermediate CA certificate vault write pki_int/intermediate/set-signed certificate=@$CA_INTER_FILE_PATH # Create Vault role ISSUER=$(vault list pki_int/issuers |tail -n 1) vault write pki_int/root/replace default=$ISSUER vault write -format=json pki_int/intermediate/generate/internal \ common_name="capif Intermediate Authority" \ issuer_name="capif-intermediate" \ | jq -r '.data.csr' > pki_intermediate.csr vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h issuer_ref="$(vault read -field=default pki_int/config/issuers)" vault kv put pki_int/keys key=@$SERVER_KEY vault write -format=json pki_int/sign/my-ca format=pem_bundle ttl="43000h" csr=@$SERVER_CERT_FILE_PATH cat > cert_chain.crt << EOF $(cat "$SERVER_CERT_FILE_PATH") $(cat "$CA_INTER_FILE_PATH") Loading Loading
helm/vault-job/vault-intermediate-cert.yaml +16 −2 Original line number Diff line number Diff line Loading @@ -24,7 +24,7 @@ data: # to execute the next commands in vault # otherwise, if use the vault as dev's mode. Just # type the token's dev. export VAULT_TOKEN="hvs.uep34a8lgUyMd0YzaNHWv72O" export VAULT_TOKEN=read-vault cat > ca_intermediate.crt << EOF -----BEGIN CERTIFICATE----- Loading Loading @@ -79,6 +79,20 @@ data: # Import the existing intermediate CA certificate vault write pki_int/intermediate/set-signed certificate=@$CA_INTER_FILE_PATH # Create Vault role ISSUER=$(vault list pki_int/issuers |tail -n 1) vault write pki_int/root/replace default=$ISSUER vault write -format=json pki_int/intermediate/generate/internal \ common_name="capif Intermediate Authority" \ issuer_name="capif-intermediate" \ | jq -r '.data.csr' > pki_intermediate.csr vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=false allowed_domains="*" allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h issuer_ref="$(vault read -field=default pki_int/config/issuers)" vault kv put pki_int/keys key=@$SERVER_KEY vault write -format=json pki_int/sign/my-ca format=pem_bundle ttl="43000h" csr=@$SERVER_CERT_FILE_PATH cat > cert_chain.crt << EOF $(cat "$SERVER_CERT_FILE_PATH") $(cat "$CA_INTER_FILE_PATH") Loading
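Review bot: The `my-ca` role created in the second hunk will sign a CSR for any name: `allowed_domains="*"` combined with `allow_any_name=true`, `allow_glob_domains=true`, `allow_bare_domains=true` and `require_cn=false` removes every name constraint, so any token allowed to call `pki_int/sign/my-ca` can obtain a certificate for any identity chained to this intermediate. I would scope the role to the names the deployment actually serves, e.g. `allowed_domains="<service-domain-placeholder>" allow_any_name=false allow_glob_domains=false`, and leave `require_cn` at its default. The sign call also requests `ttl="43000h"` while the role sets `max_ttl=4300h`; the larger value looks like a typo and should be `ttl="4300h"` so the request matches what the role permits. Separately, in the first hunk `export VAULT_TOKEN=read-vault` is still a literal token inside the manifest's `data:` block. It would be safer to inject it from a Kubernetes Secret at run time, and the `hvs.` token on the removed line should be revoked in Vault because it remains in the repository history.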