I have problems getting a proof of concept up and running.
My client is a Spring Vault with the same certificate in the key-store as the server is configured with (this is at least my intention). When I try to connect the client to the server I get a TLS handshake error. So I need some guidance.
Here is the output from the console after starting the server:
C:\vault>vault server -config=config.hcl
WARNING! mlock is not supported on this system! An mlockall(2)-like syscall to
prevent memory from being swapped to disk is not supported on this system. For
better security, only run Vault on systems where this call is supported. If
you are running Vault in a Docker container, provide the IPC_LOCK cap to the
container.
==> Vault server configuration:
Api Address: https://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Go Version: go1.19.3
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
Log Level: info
Mlock: supported: false, enabled: false
Recovery Mode: false
Storage: file
Version: Vault v1.12.2, built 2022-11-23T12:53:46Z
Version Sha: 415e1fe3118eebd5df6cb60d13defdc01aa17b03
==> Vault server started! Log data will stream in below:
2023-01-16T10:55:37.942+0100 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2023-01-16T10:55:37.944+0100 [INFO] core: Initializing version history cache for core
2023-01-16T10:56:32.774+0100 [INFO] http: TLS handshake error from 127.0.0.1:51746: remote error: tls: unknown certificate
2023-01-16T10:56:32.791+0100 [INFO] http: TLS handshake error from 127.0.0.1:51747: remote error: tls: unknown certificate
Here is my hcl:
storage "file" {
  path = "./vault-data"
}
listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_key_file  = "C:/vault/cert2/vault-ssl.key"
  tls_cert_file = "C:/vault/cert2/vault-ssl.crt"
}
api_addr = "https://127.0.0.1:8200"
My client says when reading secret:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
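The server log line "remote error: tls: unknown certificate" is the alert the Java client sent back after it failed to validate the server certificate, and the SunCertPathBuilderException is the same failure seen from the client side: the JVM has no trust anchor for vault-ssl.crt. A key store only supplies the client's own identity; server validation uses a trust store. The following is an added example, not code from the post, of a Spring Vault client configured with such a trust store (the truststore path, its password and the token are placeholders, and the KV path is assumed):

```java
// Added example: Spring Vault client that trusts the Vault server certificate.
// The truststore is built from the server's own certificate beforehand, e.g.:
//   keytool -importcert -alias vault -file C:/vault/cert2/vault-ssl.crt \
//     -keystore C:/vault/cert2/vault-truststore.jks -storepass changeit -noprompt
import org.springframework.core.io.FileSystemResource;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.ClientHttpRequestFactoryFactory;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;
import org.springframework.vault.support.VaultResponse;

public class TrustedVaultClient {

    public static VaultTemplate vaultTemplate(String truststorePath,
                                              char[] truststorePassword,
                                              String token) {
        // Trust store only: this is what the client validates the server's
        // certificate against. A key store would present a client certificate
        // instead, which does not address a failed server-certificate check.
        SslConfiguration ssl = SslConfiguration.forTrustStore(
                new FileSystemResource(truststorePath), truststorePassword);

        ClientHttpRequestFactory requestFactory =
                ClientHttpRequestFactoryFactory.create(new ClientOptions(), ssl);

        // Matches the listener and api_addr in config.hcl (https on 127.0.0.1:8200).
        VaultEndpoint endpoint = VaultEndpoint.create("127.0.0.1", 8200);

        return new VaultTemplate(endpoint, requestFactory,
                new SimpleSessionManager(new TokenAuthentication(token)));
    }

    public static void main(String[] args) {
        VaultTemplate vault = vaultTemplate(
                "C:/vault/cert2/vault-truststore.jks", // assumed truststore path
                "changeit".toCharArray(),              // placeholder password
                System.getenv("VAULT_TOKEN"));         // token supplied via environment
        VaultResponse response = vault.read("secret/data/demo"); // assumed KV v2 path
        System.out.println(response == null ? "no data" : response.getData());
    }
}
```

Hostname verification still applies after the chain check, so the server certificate must also carry 127.0.0.1 as an IP subject alternative name, or the handshake fails with a different error.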