Vault https Cert

Currently using Vault latest version 1.11. We have an HTTPS address for it but the cert is going to expire.
I can't find where to locate the current cert on the machine or how to replace it with a new cert for a different CA.

Find the running process with ‘-c ’. That file will tell you where the SSL cert is located for each listener block.


Thanks! Any insight into how I would replace the cert with a new one from a different CA?

Just replace the cert and key files with a PEM format from that CA. Restart Vault. That’s it.

If you’re using a self-signed or a non-common CA, you may need to import that CA’s root into your client system and trust it; otherwise you’ll get a popup saying that your browser can’t verify the cert.

Sorry for keeping this going, but are there commands to do this or a specific directory to do this in? I'm running on Linux.

No, there is no single command that I can give you that’ll do it. Each system and distribution has its own defaults, and each installer is free to install wherever they want and is their standard. You have to have some knowledge and ability in the setup of the environment to do this; it isn’t a basic change.

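The lookup described in this thread, as an added example that is not part of any post: it reads the `-config` path from the running Vault process, pulls `tls_cert_file` and `tls_key_file` out of the listener blocks, and prints the current certificate's issuer and expiry. It assumes Linux with procps `ps`, `openssl`, an HCL (not JSON) config and a process started as `vault server`; the function names are hypothetical.

```shell
# Added example (not from the thread). Assumes Linux, procps ps, openssl,
# and an HCL config file. All function names here are hypothetical.

# Print each path given to -config in a process command line ($1).
config_from_cmdline() {
  printf '%s\n' "$1" | tr ' ' '\n' | awk '
    prev { print; prev = 0; next }
    /^--?config=/ { sub(/^--?config=/, ""); print; next }
    /^--?config$/ { prev = 1 }'
}

# Print "setting path" for every uncommented tls_cert_file / tls_key_file
# line in the config file ($1), e.g. inside:  listener "tcp" { ... }
tls_files_from_config() {
  sed -nE 's/^[[:space:]]*(tls_cert_file|tls_key_file)[[:space:]]*=[[:space:]]*"([^"]*)".*/\1 \2/p' "$1"
}

# Show who issued a PEM certificate ($1) and when it expires.
cert_summary() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Succeed only if certificate ($1) and private key ($2) carry the same
# public key. Run this on the new pair before restarting Vault.
cert_matches_key() {
  a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  b=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$a" = "$b" ]
}

# Walk every running "vault server" process and report its TLS files.
# Relative paths are relative to the Vault process's working directory.
vault_tls_report() {
  ps -eo args= | grep '[v]ault server' | while IFS= read -r cmd; do
    config_from_cmdline "$cmd" | while IFS= read -r cfg; do
      # -config may name a single file or a directory of config files.
      for f in "$cfg" "$cfg"/*.hcl; do
        [ -f "$f" ] || continue
        tls_files_from_config "$f" | while read -r key path; do
          echo "$f: $key = $path"
          if [ "$key" = tls_cert_file ]; then cert_summary "$path"; fi
        done
      done
    done
  done
}
```

Run `vault_tls_report` as a user that can read the config and certificate files, then check the replacement pair with `cert_matches_key new.crt new.key` before swapping the files in and restarting.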