I’m new to Vault and trying to understand the full workflow for securing a server with HTTPS.
As per my understanding, Vault PKI provides two functionalities:
- Generate Root and Intermediate certificates in Vault itself, then generate an SSL certificate to use for the web server
- Generate an SSL certificate based on an imported root certificate.
For the first case, is there any production usage? My website will be accessed by the public, and giving it a certificate whose root certificate is Vault’s seems to be a problem, since outside browsers won’t recognize Vault as a valid CA.
For the second case I’m not very confident about the workflow. Normally, without Vault, what we do is get the certificates from a CA and install them on our server. With Vault, are we supposed to store all the certificates in Vault and use the Vault API to read the relevant certificates to configure the web server? How does certificate renewal happen? Is there a full tutorial for the second use case?