Flummoxed by Installation TLS Certificates

john.pagano · January 7, 2022, 8:24pm

Hi,

I’m installing and configuring Vault using Consul storage. In the Prepare TLS Certificates section of the deployment guide, it says:

You must have three files to configure TLS for Vault: … /opt/vault/tls/vault-[key|cert|ca].pem

And yet, those files don’t exist upon installation. Instead, you get two files in that directory: tls.crt and tls.key. Those work to get things up and running, but there’s no CA signing file to use with them.

What is the recommended way forward? Can I use the consul keygen facility and rename the files? I could be missing something in the docs, but it’s unclear what to do.

Thanks.

aram · January 8, 2022, 1:14pm

cert = server certificate for your machine – 1/2 of which you’re thinking of
key = server key cert for your machine – 2/2 of which you’re thinking of

CA == if you’re self-signing or using a cert from a CA that isn’t in the default list you have to provide this, so that the connection can be trusted.

Topic		Replies	Views
Vault config with tls-enabled Consul as a storage backend Consul	0	317	July 17, 2020
Noob question: bootstrapping Vault. How to provide TLS certificates needed by storage backend Vault vault	3	1531	April 6, 2021
Issues with TLS configuration for Vault Vault	4	3137	August 21, 2023
End to end tls for Vault Vault	5	5607	January 17, 2020
Vault Presenting Wrong TLS Cert Vault vault	2	17	January 2, 2025

Flummoxed by Installation TLS Certificates

Related topics