Is there more explanation about the PKI Intermediate Cert generation and signing?
I have a root CA outside of Vault that I will be using to sign an Intermediate certificate. I will then inject the signed intermediate certificate into my PKI setup. I’m having trouble understanding the certificate generation process.
Is there a “best-practice” method of generating an intermediate certificate that can be signed and imported into any Vault server, or do I have to generate a new intermediate for each Vault server in my environment?
For example, if I generate an intermediate certificate on vault_server_01, and then sign that certificate with my Root CA, will I be able to import the signed intermediate certificate into vault_server_02?
The essence of my query is to find out if we can have a set of signed intermediate certificates that we can just upload into a PKI setup, without generating a new certificate each time.