Hi! I’m following the Build your own CA tutorial, and would like to issue an intermediate from the cross-signed intermediate created in step 9. However, I get an error when trying to do so:
```
vault write -format=json pki_int/issuer/xc-example-dot-com-intermediate/sign-intermediate \
    csr=@pki_intermediate_two.csr \
    format=pem_bundle ttl="43800h" \
    | jq -r '.data.certificate' > intermediate_two.cert.pem
```

```
Error writing data to pki_int/issuer/xc-example-dot-com-intermediate/sign-intermediate: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/pki_int/issuer/xc-example-dot-com-intermediate/sign-intermediate
Code: 500. Errors:
* 1 error occurred:
* verification of parsed bundle failed: certificate 2 of certificate chain ca trust path is incorrect ("example.com Intermediate Authority"/"example.com Intermediate Authority") (7FF8A6666B32CCD3E87669EC99D60104943D8B6D/B2C40D49346490E05B2044C8B1CD88B5B76A1168)
```
I’ve created a bug on the Vault bug tracker as it looks like it might be a bug to me where verification of multiple trust paths is not supported. But I was wondering if anyone has done this before, or if I’m doing something wrong?
Thanks
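
The kind of check the error message appears to report, as an added Go example (not part of the original post and not Vault's code): a pairwise key-identifier comparison over a certificate listing that holds both same-named intermediates stops at position 2, while a single linear path passes and `crypto/x509` path building finds two valid paths for the new intermediate. It assumes the two hex values in the error are the authority key identifier of one certificate and the subject key identifier of the next; the root names, the keys and the helpers `issue`, `firstBrokenLink` and `demo` are constructed for illustration.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func issue(cn string, key ed25519.PrivateKey, parent *x509.Certificate, parentKey ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	if parent == nil { // no parent: self-signed root
		parent, parentKey = t, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, key.Public(), parentKey))))
}
// firstBrokenLink: index of the first cert whose SubjectKeyId differs from the previous cert's AuthorityKeyId, else 0.
func firstBrokenLink(chain ...*x509.Certificate) int {
	for i := 1; i < len(chain); i++ {
		if !bytes.Equal(chain[i-1].AuthorityKeyId, chain[i].SubjectKeyId) {
			return i
		}
	}
	return 0
}
// demo (constructed PKI): pairwise result for a listing with both intermediates, for one linear path, and x509's path count.
func demo() (listed, linear, paths int) {
	k := func(n byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{n}, 32)) }
	oldRoot, newRoot := issue("old root", k(1), nil, nil), issue("new root", k(2), nil, nil)
	orig := issue("example.com Intermediate Authority", k(3), oldRoot, k(1))
	xc := issue("example.com Intermediate Authority", k(3), newRoot, k(2)) // same key and subject, cross-signed
	two := issue("intermediate two", k(4), xc, k(3))
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(oldRoot)
	opts.Roots.AddCert(newRoot)
	opts.Intermediates.AddCert(orig)
	opts.Intermediates.AddCert(xc)
	return firstBrokenLink(two, xc, orig, oldRoot), firstBrokenLink(two, xc, newRoot), len(must(two.Verify(opts)))
}
func main() { fmt.Println(demo()) }
```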