Consul UI TLS trust root CA from client browser

Currently have a TLS setup with the recommended local, private CA. And using Vault to manage a Intermediate CA signed by this root CA. Consul is then issued a certificate and key from the Vault intermediate CA.
However when accessing the UI on the browser, the certificate is untrusted, even with the root CA trusted.
I think this is to do with consul not sending the intermediate CA during the SSL handshake?

Hi @Penacillin,

This sounds related to ca: Support using an external CA as the Trusted CA · Issue #11598 · hashicorp/consul · GitHub which is currently being worked on.

I recommend upvoting the issue to indicate your interest and subscribing to it so that you can receive updates on its progress. Feel free to leave comment on the issue with additional information on your use case or requirements if you do not feel they are fully reflected in the issue description.

1 Like