I have created a PKI secrets engine which has a valid intermediate CA. I also have two SSH secret engines, one for clients and one for hosts. Now I want to create two certificates with the PKI engine for the SSH engines. Unfortunately I’m having trouble determining what the PKI roles should look like. I currently have this:
{
  "allow_localhost": false,
  "client_flag": false,
  "key_usage": [
    "DigitalSignature",
    "KeyAgreement"
  ],
  "max_ttl": "43800h",
  "server_flag": true,
  "ttl": "8760h"
}
Is there any documentation anywhere that explains how to create a certificate for the SSH engine and which settings must be applied to the certificate?