Closed sfortuna closed 5 years ago
@sfortuna did you execute vault secrets enable
and, if so, did you specify -path=venafi-pki
when you did? https://www.vaultproject.io/docs/commands/secrets/enable.html
Yes, I was able to complete steps 1-10 in the quickstart guide. The error occurs when running this command in step 11: vault write venafi-pki/sign/tpp-backend csr=@myserver.csr
Hi @sfortuna on what platform you're running venafi-pki? Could you share vault logs?
RHEL
2019-07-26T12:50:11.028-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle existence check: transport=gRPC path=sign/tpp-backend status=started 2019-07-26T12:50:11.029-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle existence check: transport=gRPC path=sign/tpp-backend status=finished err="unsupported path" took=906.75µs 2019-07-26T12:50:11.029-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle request: transport=gRPC path=sign/tpp-backend status=started 2019-07-26T12:50:11.030-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle request: transport=gRPC path=sign/tpp-backend status=finished err="unsupported path" took=993.667µs
@sfortuna would you please send the full sequence of commands you executed for steps 1-10 and your vault config file to opensource@venafi.com so we can attempt to reproduce the issue in our lab? Please redact any sensitive information and also confirm that you are using Vault version 0.12 with version 0.5.1 of the vault-pki-backend-venafi plugin.
We are using vault v 1.1.1 and venafi 0.4.1
Here are the commands with personal information removed:
[ dn ] CN = test-csr-32313131.vfidev.com
[ req_ext ] subjectAltName = @alt_names
[ alt_names ] DNS.1 = alt1-test-csr-32313131.vfidev.com DNS.2 = alt2-test-csr-32313131.vfidev.com
EOF openssl req -new -config csr.conf -keyout myserver.key -out myserver.csr -passin pass:somepassword -passout pass:anotherpassword
Thank you @sfortuna We first added support for signing CSRs in version 0.4.2 of our plugin so that's most likely the source of your problem. Any version higher than the one you are using should work but we recommend the latest (0.5.1).
@tr1ck3r Thanks, we've updated to version 0.5.1 but are still experiencing the same issue. We are still able complete steps 1-10 in the guide but not 11
Hello this was an issue with our CA configuration. Thanks
Error writing data to venafi-pki/sign/tpp-backend: Error making API request.
Code: 404. Errors: