Vault cert login failed over nginx

Hi Team,

We have set up Vault on an nginx reverse proxy. While trying to log in using the cert method, I am facing the error below. Could you please help me with this?

sampath@IN01N02529:~/cert$ vault login -method=cert -client-cert=new.crt -client-key=new.key name=local
Error authenticating: Error making API request.

URL: PUT https://vault-test.internal.ladbrokescoral.com/v1/auth/cert/login
Code: 400. Errors:

  • client certificate must be supplied

Does it work via the API?
Does it work without the proxy in place?

I can’t recall if the CLI takes files with @ in front, i.e.
$ vault login -method=cert -client-cert=@new.crt -client-key=@new.key name=local

Hi Mike,

It was working fine as long as we were using it directly. As soon as we moved it into the reverse proxy it was failing.

Also, when I look at the service logs, TLS is enabled, but it fails only when I am trying to log in with cert authentication.

Any suggestions on this mate…

Are you terminating TLS at Nginx, or passthru SSL/TLS into the Vault nodes?

Hi Mike,

Sorry for being late… Thanks for the suggestion mate.

Yes, we observed it was nginx which is terminating the certs passthrough… We have fixed it now.
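
The thread does not say how the fix was made. As an added example (not configuration from the thread), here is the TLS-terminating setup that produces "client certificate must be supplied" next to a TCP passthrough setup that lets the client certificate reach Vault. The address 10.0.0.10:8200, the name vault.example.internal and the file paths are placeholders.

```nginx
# Added example; addresses, names and paths are placeholders,
# not values from the thread.

# Before: nginx terminates TLS in the http context. The client's TLS
# handshake ends at nginx, and nginx opens a separate connection to Vault
# that carries no client certificate, so auth/cert/login answers
# "client certificate must be supplied".
#
# http {
#     server {
#         listen 443 ssl;
#         server_name vault.example.internal;
#         ssl_certificate     /etc/nginx/tls/vault.crt;
#         ssl_certificate_key /etc/nginx/tls/vault.key;
#         location / {
#             proxy_pass https://10.0.0.10:8200;
#         }
#     }
# }

# After: TCP passthrough in the stream context (requires the nginx stream
# module). nginx forwards the encrypted bytes unchanged, so the TLS
# handshake, including the client certificate, is completed by Vault itself.
stream {
    upstream vault_backend {
        server 10.0.0.10:8200;
    }

    server {
        listen 443;              # no "ssl" here: nginx must not terminate TLS
        proxy_pass vault_backend;
    }
}
```

With passthrough, Vault's own listener certificate is what clients see, so it must be valid for the hostname they connect to, and nginx can no longer apply HTTP-level rules to this traffic.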