[Solved] Path for the self-signed TLS certificate generated by Vault installer

I’m trying to set up a Vault HA cluster for learning purposes (my company intends to adopt Vault, and I’m one of the guys in charge of understanding the thing), and this procedure mentions that “The installation package generates a self-signed TLS certificate”.
I couldn’t find this certificate. I searched the directories returned by whereis vault and also ran find / -name '*.pem', without success.

Where is the said certificate located?

I’m running vault-1.11.1-1.x86_64 on Rocky Linux release 8.6 (Green Obsidian), installed with these instructions, replacing vault-enterprise with vault.
Ah, Rocky Linux is the “new CentOS”, grossly speaking.

Thanks a lot.

I don’t use these packages, so I’m not sure where it would be - but if it is being used by Vault, the path to the certificate files would have to be listed in the Vault configuration file - so you should be able to use that to find them.


That’s it! My config file was overwritten by my Dockerfile, so I did a bare install and checked:

rpm -ql vault
/etc/vault.d/vault.env
/etc/vault.d/vault.hcl
/usr/bin/vault
/usr/lib/systemd/system/vault.service

cat /etc/vault.d/vault.hcl
...
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file  = "/opt/vault/tls/tls.key"
}
...
ls -l /opt/vault/tls/tls.*
-rw------- 1 vault vault 1850 Jul 28 15:02 /opt/vault/tls/tls.crt
-rw------- 1 vault vault 3272 Jul 28 15:02 /opt/vault/tls/tls.key

Thanks a lot!
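
The approach from the thread (read the TLS paths out of the Vault configuration file, then inspect the files), as an added example that is not part of the original posts and not HashiCorp's code. The function names are made up for this example, and it assumes plain key = "value" lines like those in the vault.hcl shown above; run it as root or the vault user, since the files are mode 600.

```shell
#!/bin/sh
# Added example (not from the thread): find and check the TLS files a Vault
# listener is configured to use. Default config path is the one shown above.

# Print "setting<TAB>path" for each tls_cert_file / tls_key_file in the config.
vault_tls_paths() {
  awk '
    /^[ \t]*(#|\/\/)/ { next }   # ignore commented-out settings
    match($0, /tls_(cert|key)_file[ \t]*=[ \t]*"[^"]+"/) {
      s = substr($0, RSTART, RLENGTH)
      key = s; sub(/[ \t]*=.*/, "", key)
      val = s; sub(/^[^"]*"/, "", val); sub(/"$/, "", val)
      print key "\t" val
    }' "$1"
}

# Succeed only if the file grants no permissions to group or other.
private_key_mode_ok() {
  [ -f "$1" ] || return 2
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report each configured file: missing, listing, key mode, certificate details.
audit_vault_tls() {
  cfg="${1:-/etc/vault.d/vault.hcl}"
  tab="$(printf '\t')"
  vault_tls_paths "$cfg" | while IFS="$tab" read -r key path; do
    if [ ! -e "$path" ]; then
      echo "MISSING $key $path"
      continue
    fi
    ls -l "$path"
    if [ "$key" = tls_key_file ] && ! private_key_mode_ok "$path"; then
      echo "WARN $path is accessible to group/other"
    fi
    if [ "$key" = tls_cert_file ] && command -v openssl >/dev/null 2>&1; then
      # Identical subject and issuer indicate a self-signed certificate.
      openssl x509 -in "$path" -noout -subject -issuer -enddate
    fi
  done
}

# Run against the default (or given) config when it is readable.
if [ -r "${1:-/etc/vault.d/vault.hcl}" ]; then
  audit_vault_tls "$@"
fi
```

A MISSING line means the configuration points at a file that is not on disk, which is worth checking when the packaged vault.hcl has been replaced by another one.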