Hi Jeroen, thank you for answering my question. I have a follow up question (this is more of a Consul question but I am hoping you can help):
When setting up Vault with Consul Service Mesh, there are two parameters I have to set on the Consul side: RootPKIPath and IntermediatePKIPath.
From the description of these parameters, it seems like Consul needs a CA Root cert and its private key to create intermediate certs.
Since my Intermediate Cert will be signed by a 3rd party Root CA, and I don’t have their private key, I am not clear how Consul will create Intermediate Certs.
What should I set RootPKIPath to if I have 3rd party signed Intermediate Cert. ?