Hi,
I have a query in my mind.
Suppose I am using the pkiCert template for fetching certificates using Vault Agent. Currently, the certs are in this format:
Id.crt → ID certificate
Ca.crt → CA certificate
private.key → Private key
bundle.pem → Bundle of above certificates
This is what the template looks like:
{{ with pkiCert "endpoint" "common_name=$HOSTNAME" "ttl=7776000" "format=pem" $altnames }}
{{ .Cert }}
{{ .CA }}
{{ .Key }}
{{ .Cert | writeToFile "Id.crt" "root" "root" "0670" }}
{{ .CA | writeToFile "CA.crt" "root" "root" "0670" }}
{{ .Key | writeToFile "private.key" "root" "root" "0670" }}
{{ end }}
My question is, if the CA certificate at the Vault server expires or gets rotated, will Vault Agent know that the CA certificate has expired and try to fetch the new CA and ID certificates? I searched the documentation but could not find any answer. Any response is highly appreciated.
Thanks