Moving pki engine to another vault cluster

We need some help regarding PKI migration. We have 2 different Vault clusters (data is different).
We want to switch off one of the 2 Vault clusters.

We are currently using Vault for PKI certs for a 2-way SSL connection in an application.

  1. Is there a way to move the configuration of the PKI engine so that existing generated certificates are not affected by the change?
  2. Is there a way to migrate the existing PKI engine to the 2nd Vault cluster without any data corruption?

Could you please help us in this regard …

I just went through this, and I had a lot of issues. Just last night someone (I think from HashiCorp) posted a full set of steps on how to do it. Unfortunately, it was too late for me; I had to rebuild the engine and reissue the certs.

Try these out and let us know if it worked.

I am still facing an issue while trying to upload the root certificate:

$ curl \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    --request POST \
    --data "@payload.json" \
    "$VAULT_ADDR"/app_dev_onprem/config/ca

{"errors":["private key not found in the PEM bundle"]}

Don't know what I have missed.

The payload must contain both the key and the cert.
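
One way to build such a payload and catch the missing key before the request is sent, as an added example that is not from the thread or from HashiCorp. It assumes the CA certificate and its unencrypted private key sit in two PEM files (the names `ca.pem` and `ca.key` are placeholders) and uses the `pem_bundle` field that the PKI `config/ca` endpoint accepts.

```bash
# Added example: build the JSON body for <mount>/config/ca from a CA
# certificate file and its private key file, refusing to emit a payload
# that lacks either part.

# pem_blocks FILE: print only the PEM blocks in FILE, dropping CRs and any
# text outside BEGIN/END markers (e.g. "Bag Attributes" from openssl pkcs12).
pem_blocks() {
  tr -d '\r' < "$1" | awk '
    /^-----BEGIN [A-Z0-9 ]+-----$/ { inblk = 1 }
    inblk                          { print }
    /^-----END [A-Z0-9 ]+-----$/   { inblk = 0 }'
}

# count_blocks FILE REGEX: number of BEGIN markers whose label matches REGEX.
count_blocks() {
  pem_blocks "$1" | grep -Ec "^-----BEGIN ($2)-----\$"
}

# build_ca_payload CERT_FILE KEY_FILE: write {"pem_bundle": "..."} to stdout.
# Returns 1 with a message on stderr if the certificate or the key is missing.
# "ENCRYPTED PRIVATE KEY" is deliberately not accepted: the bundle is
# expected to carry the key unencrypted.
build_ca_payload() {
  if [ "$(count_blocks "$1" 'CERTIFICATE')" -lt 1 ]; then
    echo "no CERTIFICATE block in $1" >&2; return 1
  fi
  if [ "$(count_blocks "$2" '(RSA |EC )?PRIVATE KEY')" -lt 1 ]; then
    echo "no unencrypted PRIVATE KEY block in $2" >&2; return 1
  fi
  # PEM text is base64 plus marker lines, so newlines are the only
  # characters that need escaping inside the JSON string.
  { pem_blocks "$2"; pem_blocks "$1"; } |
    awk 'BEGIN { printf "{\"pem_bundle\": \"" }
               { printf "%s\\n", $0 }
         END   { print "\"}" }'
}

# Usage (file names are placeholders):
#   build_ca_payload ca.pem ca.key > payload.json
# then POST payload.json with the curl command shown in the thread.
```

The resulting payload.json holds the CA private key in clear text, so create it under `umask 077` and remove it once the upload has succeeded.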