hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Build your own CA tutorial misleadingly sets issuer_name on intermediate #26134

Open forsberg opened 7 months ago

forsberg commented 7 months ago

In the Build Your Own CA tutorial, the step "Generate intermediate CA" misleadingly adds an issuer_name parameter in this call:

vault write -format=json pki_int/intermediate/generate/internal \
     common_name="example.com Intermediate Authority" \
     issuer_name="example-dot-com-intermediate" \
     | jq -r '.data.csr' > pki_intermediate.csr

This has no effect; the issuer_name can only be set after import of the signed certificate, using the pki_int/issuer/<identifier> endpoint.

Somewhat related to https://github.com/hashicorp/vault/issues/22992

heatherezell commented 7 months ago

@schavis can you take a look please? :)

meersau commented 1 month ago

Can confirm. This should be updated in the documentation to make it clear. If you reference the issuer name in the role, no error occurs. But if you try to issue a certificate, the name cannot be found.
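
Added example (not from the tutorial or the Vault project): shell functions for the sequence described in this thread, naming the intermediate after import through the pki_int/issuer/<identifier> endpoint and checking that a role's issuer_ref resolves before any certificate is requested. It assumes a logged-in vault CLI, that the signed certificate was already imported with intermediate/set-signed, and that the intermediate is the mount's default issuer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not code from the tutorial or from Vault.
# Assumptions: `vault` is on PATH and authenticated, the signed intermediate
# has been imported into the mount, and it is the mount's default issuer.

# name_default_issuer MOUNT NAME
# Sets issuer_name on the mount's default issuer and reads it back.
# Prints the issuer ID on success.
name_default_issuer() (
    mount=$1
    name=$2
    id=$(vault read -field=default "$mount/config/issuers") || exit 1
    vault write "$mount/issuer/$id" issuer_name="$name" >/dev/null || exit 1
    # Read the value back so an ignored parameter is caught here,
    # not later when a certificate is requested.
    got=$(vault read -field=issuer_name "$mount/issuer/$id") || exit 1
    if [ "$got" != "$name" ]; then
        echo "issuer $id is named '$got', expected '$name'" >&2
        exit 1
    fi
    echo "$id"
)

# check_role_issuer MOUNT ROLE
# Reads the role's issuer_ref and fails if no issuer answers to it.
# Creating a role does not perform this lookup, so run it after every
# role change that touches issuer_ref.
check_role_issuer() (
    mount=$1
    role=$2
    ref=$(vault read -field=issuer_ref "$mount/roles/$role") || exit 1
    if vault read "$mount/issuer/$ref" >/dev/null 2>&1; then
        echo "ok: role $role -> issuer $ref"
    else
        echo "unresolved: role $role -> issuer $ref"
        exit 1
    fi
)

# Typical use after `vault write pki_int/intermediate/set-signed ...`:
#   name_default_issuer pki_int example-dot-com-intermediate
#   check_role_issuer pki_int <role-name>
```
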