33a9218115
* Include full chain in /cert/ca_chain response This allows callers to get the full chain (including issuing certificates) from a call to /cert/ca_chain. Previously, most endpoints (including during issuance) do not include the root authority, requiring an explicit call to /cert/ca to fetch. This allows full chains to be constructed without without needing multiple calls to the API. Resolves: #13489 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add test case for full CA issuance We test three main scenarios: 1. A root-only CA's `/cert/ca_chain`'s `.data.ca_chain` field should contain only the root, 2. An intermediate CA (with root provide) should contain both the root and the intermediate. 3. An external (e.g., `/config/ca`-provided) CA with both root and intermediate should contain both certs. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add documentation for new ca_chain field Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add note about where to find the entire chain Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
4 lines
121 B
Plaintext
4 lines
121 B
Plaintext
```release-note:improvement
|
|
secrets/pki: Return complete chain (in `ca_chain` field) on calls to `pki/cert/ca_chain`
|
|
```
|