Vault pki role allow_subdomains=false


What is the usage of allow_subdomains=false in the role

vault write pki/roles/cud allowed_domains=cud.local allow_subdomains=false

as I cannot generate a certificate for a host in this domain?

vault write pki/issue/cud
Error writing data to pki/issue/cud: Error making API request.

URL: PUT http://localhost:8200/v1/pki/issue/cud
Code: 400. Errors:

* common name not allowed by this role

That works with allow_subdomains=true but I would like to prevent creation of

Any help appreciated,

You need to allow_bare_domains in that case.

vault write pki_int/roles/cud \
    allow_subdomains=false \
    allow_bare_domains=true max_ttl=72h

Thanks! I finally used allow_bare_domains and one role for each issue I need.

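Added example, not part of the thread and not Vault's own code: a simplified Python model of how allowed_domains, allow_bare_domains and allow_subdomains combine when a role checks a requested common name, including the one-role-per-host pattern from the last reply. It ignores the role's other options (allow_localhost, allow_glob_domains, allow_any_name, wildcard names); the role labels and the host web01.cud.local are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    """Three options of a Vault PKI role (simplified model, both flags default to false)."""
    allowed_domains: tuple
    allow_bare_domains: bool = False
    allow_subdomains: bool = False


def cn_allowed(role: Role, common_name: str) -> bool:
    """Return True if this simplified model accepts common_name for the role."""
    cn = common_name.lower().rstrip(".")
    for domain in role.allowed_domains:
        domain = domain.lower().rstrip(".")
        if cn == domain:
            # Name is exactly an allowed_domains entry: needs allow_bare_domains.
            if role.allow_bare_domains:
                return True
        elif cn.endswith("." + domain):
            # Name is below an allowed_domains entry: needs allow_subdomains.
            if role.allow_subdomains:
                return True
    return False


def matrix(roles: dict, names: list) -> dict:
    """Evaluate every (role label, name) pair."""
    return {(label, n): cn_allowed(r, n) for label, r in roles.items() for n in names}


# Constructed sample roles; "question" mirrors the role in the original post.
ROLES = {
    "question": Role(("cud.local",), allow_subdomains=False),
    "subdomains": Role(("cud.local",), allow_subdomains=True),
    "bare": Role(("cud.local",), allow_bare_domains=True),
    "per-host": Role(("web01.cud.local",), allow_bare_domains=True),
}
# Constructed names: the domain itself, a host, a name below the host, a look-alike.
NAMES = ["cud.local", "web01.cud.local", "a.web01.cud.local", "cud.local.example.com"]

if __name__ == "__main__":
    result = matrix(ROLES, NAMES)
    for label in ROLES:
        print(f"{label:11s} accepts {[n for n in NAMES if result[(label, n)]]}")
```

In this model the role from the question accepts no name at all, and the per-host role accepts exactly one FQDN without opening the rest of cud.local.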