basicConstraints with CA set to TRUE does not set CA to True

gleansecret · June 17, 2021, 4:30am

Hello There, I followed the instructions here.

generating intermediate - used these params key_type=ec key_bits=256 add_basic_constraints=true
defining role - used these params key_type=ec key_bits=256 key_usage=CertSign

Requested certificate (step #4), inspected the certificate and found out that CA is not set:

X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign
X509v3 Extended Key Usage:
Server Authentication, Client Authentication
X509v3 Subject Key Identifier:
E2:49:C9:DE:6E:C1:B1:F4:7A:08:5E:A3:33:DD:FD:64:8D:BC:5D:CE
X509v3 Authority Key Identifier:
keyid:C7:CF:67:D3:3C:10:5E:A2:4C:31:AD:D1:C4:FE:66:A2:E9:12:55:A7
X509v3 Subject Alternative Name:
DNS:test.example.com

Despite passing add_basic_constraints=true, CA is not set. What am I missing here? Any help is much appreciated.

Topic		Replies	Views
Vault PKI issue Sub.Internediate/Issuer CA certificate Vault	1	1248	September 18, 2020
Basic vault PKI use case not working Vault vault	5	932	February 18, 2023
Configure PKI role to mark specified extensions as critical? Vault	1	410	October 13, 2021
Signing a signing request? Vault	2	567	May 26, 2021
Unable to build CA Chain Vault vault	0	443	April 13, 2021

basicConstraints with CA set to TRUE does not set CA to True

Related topics