After I enabled “tls_require_and_verify_client_cert” at listener config, now the “vault status xxx” always shows me error:
Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: remote error: tls: bad certificate
I am using various combination for command, such as:
vault status -ca-cert=/tmp/CA_of_server -client-cert=/tmp/cert.pem -client-key=/tmp/key.pem
where /tmp/CA_of_server is the CA of server, client-cert and client-key is the vault status command uses. Any suggestion for what is my problem and how to debug?