Using Vault PKI to manage signer CAs


I may have a bit different requirement, as I do not need actual Certificates, but I need an intermediate CA to create signer CAs and manage those, from which the actual certificates will be created.

Somehow I am not sure if this is a valid use-case with vault as it seems to only be able to create end-certificates, not further CA or am I reading something wrong?


Vault can certainly sign CSRs for intermediate CAs:


awesome, thanks for helping! :slight_smile: I was a bit wondering as it was mentioning so hard to keep things simple, but that makes sense no :slight_smile: