Problem adding custom root cert and key for Consul Connect

Hi, I am trying to update the root cert and key. I have consul working in a kubernetes cluster.

I have the ca_config file as following:

  "Provider": "consul",
  "Config": {
    "LeafCertTTL": "72h",
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...",
    "RootCert": "-----BEGIN CERTIFICATE-----...",
    "IntermediateCertTTL": "8760h"
  "ForceWithoutCrossSigning": false

When I run the following command the CA is not getting updated.

kubectl exec -it consul-server-1 -- curl PUT --data @ca_config.json

I get the following error:

Warning: Couldn't read data from file "ca_config.json", this makes an empty
Warning: POST.
Bad request: Request decode failed: EOF

Hi @zara.butt,

curl is attempting to read /ca_config.json from within the Consul server pod. Based on the error you’re receiving, this file does not exist. I assume that the file actually exists locally on your machine, in which case you have two options to resolve this.

  1. Copy the file to the pod before running the curl command.
    $ kubectl cp ca_config.json consul-server-1:/home/consul/ca_config.json
    $ kubectl exec -it consul-server-1 -- curl --request PUT --data @/home/consul/ca_config.json --url $CONSUL_HTTP_ADDR/v1/connect/ca/configuration
  2. Use kubectl port-forward to expose port 8500 locally, and then execute the curl command directly from your machine.
    $ kubectl port-forward hashicorp-consul-server-1 8500
    Forwarding from -> 8500
    Forwarding from [::1]:8500 -> 8500
    In another terminal, execute the curl command.
    $ curl --request PUT --data @ca_config.json --url http://localhost:8500/v1/connect/ca/configuration

Thank you :slight_smile:
Can you also provide some information about this issue: Cannot access Consul Ingress Gateway Debug Logs. I am unable to access http logs of consul ingress gateway while federating it with another service mesh.