Bummer, I get an error back.
According to https://learn.hashicorp.com/tutorials/vault/pki-engine?in=vault/secrets-management I generated a Root CA and an Intermediate CA (Step 1-4 and Step 1-5).
Now I should have an example.com CA and its intermediate.
It is possible to list it:
[root@vault ~]# curl --header "X-Vault-Token: s.****************" --request LIST --cacert /opt/vault/tls/vault_ca.pem https://vault.org:8200/v1/pki_int/certs | jq
{
  "request_id": "a49b5e20-84ee-d84f-bd49-ee71e0a783b1",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "keys": [
      "55-04-3a-61-dd-9a-96-b5-57-48-44-86-39-84-5a-cf-01-b5-a7-1a",
      "5f-d5-b4-8d-a8-2e-cd-b3-e7-e7-24-b7-7b-5e-61-52-8c-b6-c0-1e"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
But when I try to read it, it is something different:
[root@vault ~]# curl --header "X-Vault-Token: s.*******" --request GET --cacert /opt/vault/tls/vault_ca.pem https://vault.org:8200/v1/pki_int/cert/5f-d5-b4-8d-a8-2e-cd-b3-e7-e7-24-b7-7b-5e-61-52-8c-b6-c0-1e | jq .data.certificate | openssl x509 -text -noout
unable to load certificate
139621279737744:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
I am sure I signed the request. I am at a loss.