luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Update pki-engine docs (#6238) 

The user needs to set a decent TTL for the intermediate cert, otherwise all certs issued will be valid only for 30 minutes max.
This commit is contained in:
Martin Lee 2019-06-03 21:45:11 +01:00 committed by Yoko
parent b0701f528d
commit 07978c08d6
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
website/source/guides/secret-mgmt/pki-engine.html.md
View File

@ -320,7 +320,7 @@ generated certificate as `intermediate.cert.pem`:
```plaintext
$ vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
format=pem_bundle \
format=pem_bundle ttl="43800h" \
| jq -r '.data.certificate' > intermediate.cert.pem
```
@ -384,7 +384,8 @@ certificate as `intermediate.cert.pem`.
$ tee payload-int-cert.json <<EOF
{
"csr": "...",
"format": "pem_bundle"
"format": "pem_bundle",
"ttl": "43800h"
}
EOF
@ -431,8 +432,8 @@ hours`**.
1. Select **Configure**.
1. Click **Configure CA**.
1. Select **intermediate** from **CA Type** drop-down list.
1. Enter **`example.com Intermediate Authority`** in the **Common Name** field,
and then click **Save**.
1. Enter **`example.com Intermediate Authority`** in the **Common Name** field.
1. Enter **`43800`** in the **TTL** field, choose **`hours`** and then click **Save**.
1. Click **Copy CSR** and save it in a file, `pki_intermediate.csr`.
1. Select **pki** from the **Secrets** tab to return to the root CA.
1. Select **Configure** and then click **Sign intermediate**.