Managing PKI with Vault is very convenient. Earlier tests issued certificates directly from the root certificate; this time an intermediate CA does the issuing,
so the result is a certificate chain.
The test runs with docker-compose.
Preparing the Environment
- docker-compose file
version: "3"
services:
  vault:
    image: vault
    environment:
      - "VAULT_DEV_ROOT_TOKEN_ID=myroot"
    ports:
      - "8200:8200"
Starting the Vault environment
- Start
docker-compose up -d
- Visit
http://localhost:8200 and log in with the token ID myroot
Generating an intermediate CA
- Add the pki secrets engine
- Configure the root CA
- Configure the CRL and issuing API addresses
- Add the intermediate CA secrets engine
The intermediate CA is a separate pki secrets engine, but it is configured in association with the root CA.
- Generate the intermediate CA
As before, the CRL and issuing API addresses also need to be configured.
This generates a certificate signing request file, which needs to be signed by the root CA.
- Sign the intermediate CA (using the root CA)
- Configure the intermediate CA with the signed intermediate certificate
- View the certificate chain
The one generated above can be downloaded directly.
- Create a role on the intermediate CA for certificate issuance
- Generate a certificate request
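The steps above are carried out in the Vault UI. As an added example (not from the original post), here is the same sequence with the vault CLI against the dev server from the compose file. The mount paths pki and pki_int, the common names, the role name demo-role and the TTLs are assumptions.

```shell
#!/bin/sh
# Added example: CLI equivalent of the UI steps. Mount paths, common names,
# role name and TTLs are assumptions, not values from the original post.
export VAULT_ADDR="${VAULT_ADDR:-http://localhost:8200}"  # port from the compose file
export VAULT_TOKEN="${VAULT_TOKEN:-myroot}"               # dev root token from the compose file
WORK="${WORK:-./pki-demo}"

setup_root() {
    vault secrets enable -path=pki pki
    vault secrets tune -max-lease-ttl=87600h pki
    # "internal": the root key is generated inside Vault and never exported.
    vault write -field=certificate pki/root/generate/internal \
        common_name="demo root ca" ttl=87600h > "$WORK/root_ca.pem"
    vault write pki/config/urls \
        issuing_certificates="$VAULT_ADDR/v1/pki/ca" \
        crl_distribution_points="$VAULT_ADDR/v1/pki/crl"
}

setup_intermediate() {
    vault secrets enable -path=pki_int pki
    vault secrets tune -max-lease-ttl=43800h pki_int
    vault write pki_int/config/urls \
        issuing_certificates="$VAULT_ADDR/v1/pki_int/ca" \
        crl_distribution_points="$VAULT_ADDR/v1/pki_int/crl"
    # 1. CSR from the intermediate mount, 2. signed by the root mount,
    # 3. signed certificate stored back on the intermediate mount.
    vault write -field=csr pki_int/intermediate/generate/internal \
        common_name="demo intermediate ca" > "$WORK/int.csr"
    vault write -field=certificate pki/root/sign-intermediate \
        csr=@"$WORK/int.csr" format=pem_bundle ttl=43800h > "$WORK/int.pem"
    vault write pki_int/intermediate/set-signed certificate=@"$WORK/int.pem"
}

issue_leaf() {
    vault write pki_int/roles/demo-role \
        allowed_domains="example.test" allow_subdomains=true max_ttl=72h
    vault write pki_int/issue/demo-role common_name="app.example.test" ttl=24h
}

run_all() {
    set -e
    mkdir -p "$WORK"
    setup_root; setup_intermediate; issue_leaf
}

# Talk to the dev server only when asked: sh vault-int-ca.sh run
if [ "${1:-}" = "run" ]; then run_all; fi
```

The final issue call prints the leaf certificate, its private key and the CA chain to stdout; root_ca.pem in the work directory is the file to add to the system trust store.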
Explanation
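The root CA generated above needs to be added to the system's trusted root certificates; otherwise clients will still warn that the certificate is untrusted. This was only a simple trial; Vault's features are actually very powerful.
References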
https://www.vaultproject.io/docs/secrets/pki/index.html
https://github.com/rongfengliang/vault-pki-docker-compose