11 lines
763 B
Plaintext
11 lines
763 B
Plaintext
|
## PKI Certificate Generation Forwarding Regression
|
||
|
|
||
|
A bug introduced in Vault 1.8 causes certificate generation requests to the PKI secrets engine made on a performance
|
||
|
secondary node to be forwarded to the cluster's primary node. The resulting certificates are stored on the primary node,
|
||
|
and thus visible to list and read certificate requests only on the primary node rather than the secondary node as
|
||
|
intended. Furthermore, if a certificate is subsequently revoked on a performance secondary node, the secondary's
|
||
|
certificate revocation list is updated, rather than the primary's where the certificate is stored. This bug is fixed
|
||
|
in Vault 1.8.8 and 1.9.3.
|
||
|
Certificates issued after the fix are correctly stored locally to the performance secondary.
|
||
|
|