Generating Certificates for Consul using 3rd party intermediate certificate

Hi, I would like to set up Vault to generate TLS certificates for Consul Service Mesh (for sidecar-to-sidecar encryption). All generated certificates must be signed by our 3rd party intermediate certificate.

Is this setup possible? Is there any tutorial documentation? Thank you.


You can set up Consul Connect with Vault:

In Vault, you can use an intermediate CA that is signed by a third party:

Hope this helps…

Hi Jeroen, thank you for answering my question. I have a follow-up question (this is more of a Consul question, but I am hoping you can help):
When setting up Vault with Consul Service Mesh, there are two parameters I have to set on the Consul side: RootPKIPath and IntermediatePKIPath.
From the description of these parameters, it seems like Consul needs a CA Root cert and its private key to create intermediate certs.
Since my Intermediate Cert will be signed by a 3rd party Root CA, and I don’t have their private key, I am not clear how Consul will create Intermediate Certs.

What should I set RootPKIPath to if I have a 3rd party signed Intermediate Cert?