d39ffc9e25
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).
Example use cases:
Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.
```
$ vault write auth/cert/certs/ou-engineering \
certificate=@ca.pem \
policies=engineering \
allowed_organiztaional_units=engineering
$ vault write auth/cert/certs/ou-engineering \
certificate=@ca.pem \
policies=engineering \
allowed_organiztaional_units=engineering,support
```
|
||
|---|---|---|
| .. | ||
| keys | ||
| root | ||
| cacert.pem | ||
| cacert2crl | ||
| cakey.pem | ||
| generate.txt | ||
| issuedcertcrl | ||
| noclientauthcert.pem | ||
| testcacert1.pem | ||
| testcacert2.pem | ||
| testcakey1.pem | ||
| testcakey2.pem | ||
| testissuedcert4.pem | ||
| testissuedkey4.pem | ||