Issuing CA not included in bundle #2102

Closed
koshelev opened this issue Nov 16, 2016 · 3 comments
Comments


koshelev commented Nov 16, 2016

I'm using the /pki/issue endpoint to generate a private key and certificate, with the format parameter set to pem_bundle. The certificate field contains only the generated credentials if Vault version 0.6.2 is used. Vault 0.6.1 also includes the issuing CA certificate, as the documentation states.
Steps to reproduce:

curl -XPOST -H "X-Vault-Token:40fce79a-4bce-3064-ca5e-dd31e33e9859" http://localhost:8200/v1/sys/mounts/pkis/test -d '{"type":"pki","config":{"max_lease_ttl":"87600h"}}'

curl -XPOST -H "X-Vault-Token:40fce79a-4bce-3064-ca5e-dd31e33e9859" http://localhost:8200/v1/pkis/test/root/generate/internal -d '{"common_name":"test","ttl":"87600h","key_type":"ec","key_bits":256}'

curl -XPOST -H "X-Vault-Token:40fce79a-4bce-3064-ca5e-dd31e33e9859" http://localhost:8200/v1/pkis/test/roles/server -d '{"server_flag":true,"client_flag":false,"allowed_domains":"test.dev.mydomain.com","allow_subdomains":true,"allow_bare_domains":true,"key_type":"ec","key_bits":256}'

curl -XPOST -H "X-Vault-Token:40fce79a-4bce-3064-ca5e-dd31e33e9859" http://localhost:8200/v1/pkis/test/issue/server -d '{"common_name":"test.dev.mydomain.com","alt_names":"two.test.dev.mydomain.com,one.test.dev.mydomain.com","format":"pem_bundle"}'

The response from last command

{
  "request_id": "8aa8ed04-9b27-931c-c0d7-458bcf5f3f87",
  "lease_id": "pkis/test/issue/server/ffa5853b-74dc-b85c-2b67-06fa235a0421",
  "renewable": false,
  "lease_duration": 2764799,
  "data": {
    "certificate": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPsIu+t3cyX0Tg7HfIjsQdRmidoKW1jBD4C3poilcmAeoAoGCCqGSM49\nAwEHoUQDQgAE+7pvZMBZkd4D0fyDxmanb5AppjHQ9/4dKNwUayYE5FcLKHyWKuQC\nhIPNnJom6pAZKYBnioCy7KXp292QYumaLw==\n-----END EC PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIB8zCCAZigAwIBAgIUBwUz3LAVL8kda+mVhNO4RbT594IwCgYIKoZIzj0EAwIw\nDzENMAsGA1UEAxMEdGVzdDAeFw0xNjExMTYxNDM0NTVaFw0xNjEyMTgxNDM1MjVa\nMCAxHjAcBgNVBAMTFXRlc3QuZGV2Lm15ZG9tYWluLmNvbTBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABPu6b2TAWZHeA9H8g8Zmp2+QKaYx0Pf+HSjcFGsmBORXCyh8\nlirkAoSDzZyaJuqQGSmAZ4qAsuyl6dvdkGLpmi+jgcAwgb0wDgYDVR0PAQH/BAQD\nAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQzmvaiNpSVpfMqIdLu\njO40ci08ezAfBgNVHSMEGDAWgBQlFBoqeriE/DyebhweYekoGyaEHTBWBgNVHREE\nTzBNghV0ZXN0LmRldi5teWRvbWFpbi5jb22CGXR3by50ZXN0LmRldi5teWRvbWFp\nbi5jb22CGW9uZS50ZXN0LmRldi5teWRvbWFpbi5jb20wCgYIKoZIzj0EAwIDSQAw\nRgIhAL2N1cgCUEIZFRa6S5Dv29vVXaPHVkC6oSoChOVLaiZmAiEAnmdG0bMazfrO\n/dQX2shbBUbEe8yHimZ7vdlSrvtweTw=\n-----END CERTIFICATE-----",
    "issuing_ca": "-----BEGIN CERTIFICATE-----\nMIIBczCCARmgAwIBAgIUcbadN6woc9JzVH6970bZHw3PGwswCgYIKoZIzj0EAwIw\nDzENMAsGA1UEAxMEdGVzdDAeFw0xNjExMTYxNDMwMTRaFw0yNjExMTQxNDMwNDRa\nMA8xDTALBgNVBAMTBHRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWl+Zm\nrDHKg6oOyCw2ajPkNxe2YNA2zkxsL7Sfda6U0BmFwM9g38gevxjYVcCiBB/kNh9y\n4/ceoWP9FrDUK9voo1MwUTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQUJRQaKnq4hPw8nm4cHmHpKBsmhB0wDwYDVR0RBAgwBoIEdGVz\ndDAKBggqhkjOPQQDAgNIADBFAiB84nrLT83rwlr1uQD2mosuMLkOlYmcmdV1Sahg\n4rx4xAIhAO3M5mnSYFmUJJ39E0rLPBd35ijPBVvyebWVSoAZ4hcf\n-----END CERTIFICATE-----",
    "private_key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPsIu+t3cyX0Tg7HfIjsQdRmidoKW1jBD4C3poilcmAeoAoGCCqGSM49\nAwEHoUQDQgAE+7pvZMBZkd4D0fyDxmanb5AppjHQ9/4dKNwUayYE5FcLKHyWKuQC\nhIPNnJom6pAZKYBnioCy7KXp292QYumaLw==\n-----END EC PRIVATE KEY-----",
    "private_key_type": "ec",
    "serial_number": "07:05:33:dc:b0:15:2f:c9:1d:6b:e9:95:84:d3:b8:45:b4:f9:f7:82"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
@jefferai (Member)

The documentation corresponds to the latest released version. This behavior is different in 0.6.2 and should be what you want.

@koshelev (Author)

@jefferai Sorry, my bad, there was a typo in the description; I corrected it. 0.6.2 does not include the issuing CA in the certificate field, so the behaviour differs from what is defined in the documentation:

 If pem_bundle, the certificate field will contain the private key, certificate, and issuing CA, concatenated.
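The check a practitioner would want here, for the response in the issue body and for the documented pem_bundle layout quoted above, is one that tells whether a returned bundle actually carries the issuing CA rather than just the key and leaf. The Go program below is an added example, not Vault's code and not posted by anyone in this thread: InspectBundle parses the PEM blocks of a bundle, counts CERTIFICATE blocks and confirms that a block after the leaf is a CA that signed it; AssembleBundle is the client-side workaround, joining the separate private_key, certificate and issuing_ca response fields in the documented order. MakeTestPKI is a constructed fixture that generates a throwaway EC P-256 root CA and leaf with the names from the reproduction steps (the page's own certificates are not embedded); InspectBundle, AssembleBundle and MakeTestPKI are the example's names, not Vault API names.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// InspectBundle parses a pem_bundle-style byte string (private key, leaf
// certificate, optionally the issuing CA) and reports how many CERTIFICATE
// blocks it holds and whether a block after the leaf is a CA that signed it.
// The first CERTIFICATE block is taken as the leaf, per the documented order.
func InspectBundle(bundle []byte) (certCount int, hasIssuer bool, err error) {
	var certs []*x509.Certificate
	keyFound := false
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		switch {
		case block.Type == "CERTIFICATE":
			c, perr := x509.ParseCertificate(block.Bytes)
			if perr != nil {
				return 0, false, perr
			}
			certs = append(certs, c)
		case strings.HasSuffix(block.Type, "PRIVATE KEY"): // EC, RSA or PKCS#8
			keyFound = true
		}
	}
	if !keyFound || len(certs) == 0 {
		return len(certs), false, errors.New("bundle lacks a private key or a certificate block")
	}
	leaf := certs[0]
	for _, cand := range certs[1:] {
		// CheckSignatureFrom enforces the candidate's CA basic constraint and
		// keyCertSign usage, then verifies the leaf's signature with its key.
		if leaf.CheckSignatureFrom(cand) == nil {
			return len(certs), true, nil
		}
	}
	return len(certs), false, nil
}

// AssembleBundle joins PEM parts in the documented order (private key,
// certificate, issuing CA): the client-side workaround when the certificate
// field comes back without the CA, using the separate response fields.
func AssembleBundle(parts ...[]byte) []byte {
	return bytes.Join(parts, nil)
}

// MakeTestPKI is a constructed fixture standing in for root/generate/internal
// and issue/server: a throwaway EC P-256 root CA and a server leaf it signed,
// with the names from the issue. Keys are fresh on every run.
func MakeTestPKI() (keyPEM, leafPEM, caPEM []byte) {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(87600 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	caCert, _ := x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "test.dev.mydomain.com"},
		DNSNames:  []string{"test.dev.mydomain.com", "one.test.dev.mydomain.com", "two.test.dev.mydomain.com"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(768 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	keyDER, _ := x509.MarshalECPrivateKey(leafKey)
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	leafPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	return keyPEM, leafPEM, caPEM
}

func main() {
	keyPEM, leafPEM, caPEM := MakeTestPKI()
	// First what the reporter saw from 0.6.2 (key + leaf), then the documented form.
	for _, b := range [][]byte{AssembleBundle(keyPEM, leafPEM), AssembleBundle(keyPEM, leafPEM, caPEM)} {
		n, ok, err := InspectBundle(b)
		fmt.Printf("certs=%d issuing CA present=%v err=%v\n", n, ok, err)
	}
}
```

Run with go run: the key-plus-leaf bundle reports certs=1 with no issuing CA, the documented form reports certs=2 with the CA present. The check is order-sensitive on purpose, since the documentation fixes the order as key, certificate, issuing CA; a bundle with the CA block first is reported as lacking an issuer, because the block in the leaf position is then the CA and the real leaf did not sign it. Note that even in the 0.6.2 response above the issuing_ca field is still returned separately, which is what makes the AssembleBundle workaround possible.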

@jefferai (Member)

Looks like it's related to #1694 (comment)

jefferai added a commit that referenced this issue Nov 22, 2016
jefferai added a commit that referenced this issue Nov 22, 2016
chrishoffman added a commit to chrishoffman/vault that referenced this issue Nov 24, 2016
* upstream/master:
  Add version sha to server startup output
  Change current version number
  changelog++
  Don't say mlock is supported on OSX when it isn't. (hashicorp#2120)
  Change command examples for First Secrets hashicorp#2116 (hashicorp#2117)
  changelog++
  cli: fix bug with 'vault read -field=...' when the field value contains a printf formatting verb (hashicorp#2109)
  Update docs to fix hashicorp#2102
  Updating changelog
  http: increase request limit from 8MB to 32MB
  http: limit maximum request size
  Update libraries doc for Haskell community library (hashicorp#2101)
  Don't exclude 0 from the set of valid polynomials in Shamir. This leads to a potential (although extremely trivial) amount of information leakage.
  Bump proto files after update
  changelog++
  check for failure on that mysql query (hashicorp#2105)
  Bump deps
  Document bug causing certain LDAP settings to be forgotten on upgrade to 0.6.1+.
  Set number of pester retries to zero by default and make seal command… (hashicorp#2093)