I am setting up a new production Vault cluster in Azure using VMs. The setup consists of a 5-node Consul cluster for the storage backend and a 3-node Vault cluster.
In terms of TLS, I have set up self-signed certificates for the Vault nodes and configured them to use HTTPS.
To have end-to-end TLS, do I need to configure Consul to use TLS and distribute certificates to the Consul clients on the Vault server?
What’s the best practice here, and does anyone have any guides I can follow? I followed the Consul guide for enabling RPC encryption, but it messes up Vault, as Consul complains that the cert is signed by an unknown authority. It’s making me wonder if I need to do this to have full end-to-end TLS.