Vault Presenting Wrong TLS Cert

nothyng · January 1, 2025, 5:58pm

Hello,

New to vault here. I’m trying to utilize an internal ADCS services to import a signed cert into the vault. I was able to generate a CSR with the correct SAN etc, sign it with my CA and import it back along with the intermediate to the Vault.

I have my vault-server.hcl listeners pointing to the new cert and priv key. For some reason though, the vault opts to use the self signed tls.crt and key. I’ve reloaded the vault service but I can’t seem to get it to utilize this new cert. Any thoughts?

jonathanfrappier · January 2, 2025, 1:07am

Can you please share your Vault config, deidentified/obfuscated from any confidential info please?

nothyng · January 2, 2025, 1:41pm

Sure @jonathanfrappier.

api_add = “https://X.X.X.X”
cluster_addr = “https://X.X.X.X”
cluster_name = “X”
disable_mlock = true
ui = true

listenter “tcp” {
address = “X.X.X.X”
tls_cert_file = “/path/to/file/Cert.cer”
tls_key_file = “/path/to/file/key.pem”
tls_client_ca_file = “/path/to/file/CA.cer”
tls_disable_client_certs = “true”
}

backend “raft” {
path = “X”
node_id = “X”
}

Topic		Replies	Views
Creating the "ca.crt", "tls.crt" and "tls.key" with an Internal ADCS Vault	4	1029	November 17, 2020
Issues with TLS configuration for Vault Vault	4	3065	August 21, 2023
Vault cluster with CA signed TLS and raft Vault k8s , vault	3	928	March 31, 2022
Vault Intermediate CA - problem getting CSR signed by ADCS(certreq) Vault	0	306	July 26, 2021
Docker TLS issue Vault	3	2814	May 16, 2020

Vault Presenting Wrong TLS Cert

Related topics