Hello,
I’m trying to follow the documentation on creating a CA chain with an offline CA, but I don’t seem to understand what is actually happening when I’m supposed to create the first intermediate CA.
```hcl
resource "vault_mount" "test_org_v1_ica1_v1" {
  path                      = "test-org/v1/ica1/v1"
  type                      = "pki"
  description               = "PKI engine hosting intermediate CA1 v1 for test org"
  default_lease_ttl_seconds = local.default_1hr_in_sec
  max_lease_ttl_seconds     = local.default_3y_in_sec
}

resource "vault_pki_secret_backend_intermediate_cert_request" "test_org_v1_ica1_v1" {
  depends_on   = [vault_mount.test_org_v1_ica1_v1]
  backend      = vault_mount.test_org_v1_ica1_v1.path
  type         = "internal"
  common_name  = "Intermediate CA1 v1 "
  key_type     = "rsa"
  key_bits     = "2048"
  ou           = "test org"
  organization = "test"
  country      = "US"
  locality     = "Bethesda"
  province     = "MD"
}
```
Namely, where exactly in Vault can I see the information that I’m feeding in here through `vault_pki_secret_backend_intermediate_cert_request`: common_name, ou, organization and such?
There’s no certificate in the path:
```
root@vault-0:~# vault list test-org/v1/ica1/v1/certs
No value found at test-org/v1/ica1/v1/certs
```
Which I guess makes sense, because this is just a certificate request. So how do I see where the added information has been created?
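
An added example, not part of the original post: the subject fields passed to `vault_pki_secret_backend_intermediate_cert_request` are carried in the CSR PEM, which the provider exposes as the resource's `csr` attribute and which `openssl req` can decode. The CSR below is a constructed local stand-in with the same subject so the script runs offline; the file names and the `ica1_csr` output name are assumptions.

```shell
#!/bin/sh
# With the real resource, the PEM would come from its `csr` attribute, e.g. via a
# hypothetical Terraform output named ica1_csr:
#   terraform output -raw ica1_csr > ica1.csr
# Here a constructed CSR with the same subject fields stands in for it.

make_sample_csr() {
    # $1 = path to write the CSR to; the throwaway private key is deleted
    key="$1.key"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -out "$1" \
        -subj "/C=US/ST=MD/L=Bethesda/O=test/OU=test org/CN=Intermediate CA1 v1" \
        2>/dev/null
    rm -f "$key"
}

csr_subject() {
    # Print the subject DN (common_name, ou, organization, ...) stored in the CSR
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

csr_key_bits() {
    # Print the public key size recorded in the CSR (key_bits in the resource)
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Stand-alone run: build the sample CSR and show what it contains
workdir=$(mktemp -d)
make_sample_csr "$workdir/ica1.csr"
csr_subject "$workdir/ica1.csr"
echo "key bits: $(csr_key_bits "$workdir/ica1.csr")"
rm -rf "$workdir"
```

The `certs` path stays empty at this stage because a CSR is not a certificate; the subject shown here is what the offline root signs.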