How to pass multiple CA certificates to ssl_pem_contents ?

[hunter86bg]

I am trying to pass multiple CA certificates to ssl_pem_contents as I never know which CA will sign the vault's certificate. Yet, I receive:

FATAL: OpenSSL::PKey::RSAError: read_vault[Read secret at secret/my-app] (secret::create_secret line 38) had an error: OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error

How can I make this one work?

require 'vault'
cert_content = ""
Dir.glob(['/etc/ssl/certs/*.crt','/etc/ssl/certs/*.pem','/etc/chef/trusted_certs/*']).each do |cert|
  cert_content += ::File.open(cert).read
end

Vault.configure do |config|
  config.ssl_pem_contents = cert_content
end

[hunter86bg]

So far my workaround (should work on RHEL/SLES) is:

require 'tempfile'
temp_cert_file = Tempfile.new('csv', '/etc/chef/')
Dir.glob(['/etc/ssl/certs/*.crt', '/etc/ssl/certs/*.pem', '/etc/chef/trusted_certs/*']).each do |ca_cert|
  IO.copy_stream(ca_cert, temp_cert_file)
end
ENV['SSL_CERT_FILE'] = temp_cert_file.path
require 'vault'

[jackivanov]

Vault.ssl_ca_cert = '/etc/ssl/certs/ca-certificates.crt'

ssl_ca_cert seems to be working fine with multiple certs

[hunter86bg]

@jackivanov,
in Chef you can have multiple files in a directory. Is there a way to point to a directory instead of a file ?

[jackivanov]

@hunter86bg yes, there's ssl_ca_path

vault-ruby/lib/vault/configurable.rb

Line 24 in 9ebb47e

:ssl_ca_path,