Hello,
I’m running Vault 1.12 in dev mode on an Amazon EC2 instance. I have configured the realm and client for Vault in Keycloak with valid callback URLs. I enabled OIDC in the Vault UI and configured it with a valid OIDC discovery URL, OIDC client ID, and OIDC client secret.
In the Vault CLI I’ve run these commands:
vault write auth/oidc/config \
    oidc_discovery_url="<My_Discovery_URL>" \
    oidc_client_id="<My_OIDC_Client_ID>" \
    oidc_client_secret="<My_OIDC_Client_Secret>" \
    oidc_discovery_ca_pem=""
I get this error:
- error checking oidc discovery URL: error creating provider with given values: Get https://<My_Keycloak_URL>: x509: certificate signed by unknown authority"
For oidc_discovery_ca_pem, do I paste the contents of the PEM file in quotes, or am I supposed to point to where the file is located on the Vault server? If pointing to the PEM file itself, what does that syntax look like, or is there an expected default location?