Managing certificates in Vault with an intermediate CA

Vault's PKI management is very convenient. In previous tests the certificates were issued directly by the root certificate; this time an intermediate CA issues them,
so there will be a certificate chain.

The test runs with docker-compose.

Preparing the Environment

  • docker-compose file
 
version: "3"
services:
  vault:
    image: vault
    environment: 
    - "VAULT_DEV_ROOT_TOKEN_ID=myroot"
    ports: 
    - "8200:8200"
 

Start the Vault environment

  • Start up
docker-compose up -d

Generating an intermediate CA

  • Enable the PKI secrets engine

     

  • Configure the root CA

     


    Result

     

  • Configure the CRL and issuing-certificate API addresses

     

  • Add the intermediate CA secrets engine

    The intermediate CA is a separate PKI secrets engine, but it is configured in association with the root CA

 

  • Generate the intermediate CA

     


    Similarly, the CRL and issuing-certificate API addresses also need to be configured

This generates a certificate request file, which needs to be signed by the root CA

 

  • Sign the intermediate CA (using the root CA)

     


     

  • Configure the intermediate CA with the signed certificate

     


     

  • View the certificate chain
    The one generated above can be downloaded directly

     

  • Create a role on the intermediate CA for certificate issuance

     

  • Generate a certificate request

     


    Result
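
The steps listed above, written out as vault CLI commands. This is an added example, not the original post's own commands. The mount paths pki and pki_int, the role name example-dot-com, the example.com common names and the TTLs are assumptions; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example: root CA -> intermediate CA -> leaf certificate via the vault CLI.
# Assumed names: mounts pki / pki_int, role example-dot-com, domain example.com.
export VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
export VAULT_TOKEN="${VAULT_TOKEN:-myroot}"   # dev root token from the compose file

# Run a vault command, or only print it to stderr when DRY_RUN=1.
v() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "vault $*" >&2; else vault "$@"; fi
}

setup_intermediate_ca() {
  out="${1:-.}"   # directory that receives the PEM files

  # Root CA on its own mount, 10-year lifetime.
  v secrets enable pki
  v secrets tune -max-lease-ttl=87600h pki
  v write -field=certificate pki/root/generate/internal \
    common_name="example.com Root CA" ttl=87600h > "$out/root_ca.crt"
  # CRL and issuing-CA URLs that get embedded in certificates this mount signs.
  v write pki/config/urls \
    issuing_certificates="$VAULT_ADDR/v1/pki/ca" \
    crl_distribution_points="$VAULT_ADDR/v1/pki/crl"

  # Intermediate CA on a separate mount with a shorter lifetime.
  v secrets enable -path=pki_int pki
  v secrets tune -max-lease-ttl=43800h pki_int
  v write pki_int/config/urls \
    issuing_certificates="$VAULT_ADDR/v1/pki_int/ca" \
    crl_distribution_points="$VAULT_ADDR/v1/pki_int/crl"
  # The CSR is generated inside pki_int; its private key is not exported.
  v write -field=csr pki_int/intermediate/generate/internal \
    common_name="example.com Intermediate CA" > "$out/pki_int.csr"
  # The root signs the CSR, then the signed certificate is set on pki_int.
  v write -field=certificate pki/root/sign-intermediate \
    csr=@"$out/pki_int.csr" format=pem_bundle ttl=43800h > "$out/pki_int.crt"
  v write pki_int/intermediate/set-signed certificate=@"$out/pki_int.crt"

  # The role bounds what the intermediate may issue; leaf certificates stay short-lived.
  v write pki_int/roles/example-dot-com \
    allowed_domains=example.com allow_subdomains=true max_ttl=720h
  # Issue a leaf certificate from the intermediate (prints cert, key, issuing CA).
  v write pki_int/issue/example-dot-com common_name=app.example.com ttl=24h
}

# Run against a live Vault only when called as: sh intermediate-ca.sh run ./certs
if [ "${1:-}" = run ]; then setup_intermediate_ca "${2:-.}"; fi
```

Keeping the root on its own mount means day-to-day issuance only ever touches pki_int, so the role and its max_ttl are the controls that bound what a compromised client token can request.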

     

Explanation

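The root CA generated above needs to be added to the system's trusted root certificates; otherwise clients will still report the certificates as untrusted. The above is only a simple trial; Vault's functionality is actually
very powerful.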

References

https://www.vaultproject.io/docs/secrets/pki/index.html
https://github.com/rongfengliang/vault-pki-docker-compose

Origin www.cnblogs.com/rongfengliang/p/10962116.html