Hi,
I’m running Vault 1.9 on my k8s cluster with the PKI secrets engine, and what I am trying to do is create a client certificate with Extended Key Usage specified as ClientAuth.
Here is a command I am running:
vault write -tls-skip-verify pki-test/issue/role-pki-test common_name=sample-common-name ttl=43632h ext_key_usage=["ClientAuth"] ext_key_usage_oids="1.3.6.1.5.5.7.3.2"
I also tried more combinations, without OIDs, changing lists to strings, etc., and none of the combinations works for me. When trying to do it with bare openssl I would simply run:
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile.cnf
In Vault it is not that convenient. Was there any bug that got fixed in a newer minor version, or am I running the command incorrectly?