Hi,
I’m trying to issue a certificate to my local vcenter server for testing. When I add the certs, the system is producing an error:
Error occurred while fetching tls: Exception found (the trustAnchors parameter must be non-empty)
According to my research, this could be any number of missing information but most likely is that the keystoreType is not set in the CA.
Any help would be appreciated.
Here are the steps I followed:
vault secrets enable pki
vault secrets tune -max-lease-ttl=86400h pki
vault write -field=certficate pki/root/generate/internal common_name="example.com" ttl=86400h > CA_cert.crt
vault write pki/config/urls \
issuing_certificates="http://vault.example.com:8200/v1/pki/ca" \
crl_distribution_points="http://vault.example.com:8200/v1/pki/crl"
vault secrets enable -path=pki_int pki
vault write -format=json pki_int/intermediate/generate/internal \
common_name="example.com Intermediate Authority" \
| jq -r '.data.csr' > pki_intermediate.csr
vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
format=pem_bundle ttl="43800h" \
| jq -r '.data.certificate' > intermediate.cert.pem
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
vault write pki_int/roles/example-dot-com \
allow_any_name=true \
allowed_domains="example.com" \
allow_subdomains=true \
max_ttl="720h"
vault write pki_int/issue/example-dot-com common_name="vcenter.example.com" ttl="2h"
VCenter asks for 3 items:
Machine SSL Certificate = Vault - certificate
Chain of trusted root Certificates = Vault - issuing_ca + ca_chain
Private Key = Vault - private_key