I use Ubuntu 22.04 on my server and installed Vault from the zip file. I want to set it up in production mode, so I created a certificate with this command:
# Create a self-signed certificate (tls.crt) and a new RSA-4096 private key (tls.key).
#   -x509   emit a self-signed certificate rather than a signing request; no CA
#           chain exists, so each client must be given tls.crt as its trust anchor.
#   -nodes  write tls.key without a passphrase; keep the file readable only by
#           the account that runs Vault.
#   -days   3650 days of validity (about ten years); plan rotation separately.
#   -addext the subject alternative names clients are allowed to connect to.
openssl req -x509 -new -sha256 \
  -newkey rsa:4096 -nodes \
  -keyout tls.key -out tls.crt \
  -subj "/O=HashiCorp/CN=Vault" \
  -addext "subjectAltName =IP:127.0.0.1,IP:192.168.90.76,DNS:vault.bank-id.local" \
  -days 3650
And this is my config.hcl:
# Turn on the built-in web UI.
ui = true
# NOTE(review): "mlock" does not look like a documented Vault setting (the
# documented key is disable_mlock) - confirm whether Vault ignores this line
# or warns about it at startup.
mlock = true
# disable_mlock = true switches memory locking OFF, which contradicts the
# apparent intent of the line above. Without mlock, process memory holding
# secrets may be swapped to disk; for production, confirm whether this should
# be false, or make sure swap is disabled or encrypted on this host.
disable_mlock = true
# File storage backend: Vault data is kept under the path below.
# NOTE(review): the path sits inside a user's home directory - confirm that it
# is owned by, and only accessible to, the account Vault runs as.
storage "file" {
path = "/home/mostafa/vault/data"
}
# HTTP listener
# Loopback-only listener on port 8202.
# NOTE(review): this block is labelled as the HTTP listener, but
# tls_disable = "false" leaves TLS enabled and no tls_cert_file / tls_key_file
# is set here. Either add the certificate and key, or remove the listener if
# it is not needed - confirm how Vault handles this block at startup.
listener "tcp" {
address = "127.0.0.1:8202"
tls_disable = "false"
}
# HTTPS listener
# TLS listener on all interfaces (0.0.0.0), port 8200.
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = "false"
# The certificate was created with "openssl req ... -x509", i.e. it is
# self-signed. Clients that verify against the system trust store reject it
# with "certificate signed by unknown authority" until they are told to trust
# it, for example by pointing VAULT_CACERT at this file or adding it to the
# host's CA store. Disabling verification (VAULT_SKIP_VERIFY) would hide the
# error but remove the protection TLS is there to provide.
tls_cert_file = "/home/mostafa/vault/tls/tls.crt"
# The key was generated with -nodes, so it is unencrypted on disk.
# NOTE(review): confirm this file is readable only by the Vault service account.
tls_key_file = "/home/mostafa/vault/tls/tls.key"
}
# NOTE(review): both addresses use http://, while the listener on port 8200
# serves TLS. api_addr is the address Vault advertises to clients, so it
# presumably should be https://. 127.0.0.1 is also reachable only from this
# host; the certificate additionally names 192.168.90.76 and
# vault.bank-id.local - confirm which address clients are meant to use.
cluster_addr="http://127.0.0.1:8201"
api_addr="http://127.0.0.1:8200"
but when I run this command
# The CLI verifies the server certificate against the system trust store
# unless VAULT_CACERT (or the -ca-cert flag) names a CA file to trust.
# NOTE(review): on Ubuntu, sudo resets the environment by default, so
# VAULT_ADDR / VAULT_CACERT exported in the calling shell may not reach this
# command; "vault status" is an API call and does not appear to need root -
# confirm whether sudo is required here.
sudo vault status
I see this error
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": x509: certificate signed by unknown authority
Where did I make a mistake?