Expected Behavior:
Vault should stat the provided certificate file path and ensure that the file exists and is accessible to the Vault user before attempting to validate the certificate and provide a relevant error message (i.e. when the file does not exist) when it cannot do so.
Actual Behavior:
$ vault init -ca-cert=/path/to/nonexistent/certificate.crt
Error initializing Vault: Put https://localhost:8200/v1/sys/init: x509: certificate signed by unknown authority
This would be super helpful for avoiding extraneous certificate signed by unknown authority errors, which in turn can become a false lead for troubleshooting.
I have been unable to recreate this issue. When I run vault init with a missing CA certificate, I get the following.
$ vault init -ca-cert=/path/to/nonexisting/certificate.crt
Error initializing client: Error loading CA File: open /path/to/nonexisting/certificate.crt: no such file or directory
Hmmm, I originally reported this on v0.8.3 and when I try those versions, it appears that the non-existent -ca-cert path is simply ignored:
$ vault version
Vault v0.8.3 ('6b29fb2b7f70ed538ee2b3c057335d706b6d4e36')
$ vault init -ca-cert=/path/to/nonexisting/certificate.crt
Unseal Key 1: IoEJGGcV6WJmu6WNJ8srEHvuJybhPAEPfRpgB6XTziMY
Unseal Key 2: UCSJaRKRssjIqvy86A/rOqIs67x0BFb+429wVd1GdrDR
Unseal Key 3: YL8wFzO3WZr2RfWXCx5weFoQJo27Urv+Yu81bixZrbII
Unseal Key 4: glHxpvezHWgZxp8S2g6EZJOf/Aa0V6WKov9DdfkLtVMf
Unseal Key 5: qihrNPruZ3mjoOYsmO8/dUGAKF3Lc4qAeZjY9wPXZWcC
Initial Root Token: a77974a8-49c6-278f-b62f-c2446c65e552
Vault initialized with 5 keys and a key threshold of 3. Please
securely distribute the above keys. When the vault is re-sealed,
restarted, or stopped, you must provide at least 3 of these keys
to unseal it again.
Vault does not store the master key. Without at least 3 keys,
your vault will remain permanently sealed.
which sets up the originally reported issue.
That said, I can confirm that this is fixed in v0.9.0 and I get the same error you do.
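The behaviour requested in this issue, as an added Go example that is not part of the thread and is not Vault's own code: a non-empty CA path must produce at least one certificate or the client refuses to build a TLS config, instead of silently falling back to the system roots. The names `loadCAPool` and `clientTLSConfig` are hypothetical, and the error wording is modelled on the message quoted above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// loadCAPool is a hypothetical helper (not Vault's code). An empty path means
// "use the system roots"; any non-empty path must yield at least one cert.
func loadCAPool(path string) (*x509.CertPool, error) {
	if path == "" {
		return nil, nil // nil RootCAs makes crypto/tls use the system pool
	}
	info, err := os.Stat(path)
	if err != nil {
		return nil, fmt.Errorf("error loading CA file: %w", err)
	}
	if info.IsDir() {
		return nil, fmt.Errorf("error loading CA file: %s is a directory", path)
	}
	pem, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("error loading CA file: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pem) {
		return nil, fmt.Errorf("error loading CA file: no PEM certificates in %s", path)
	}
	return pool, nil
}

// clientTLSConfig refuses to build a config when the operator's CA path is unusable.
func clientTLSConfig(caPath string) (*tls.Config, error) {
	pool, err := loadCAPool(caPath)
	if err != nil {
		return nil, err
	}
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	// Constructed path, the same shape as the one in the report.
	_, err := clientTLSConfig("/path/to/nonexistent/certificate.crt")
	fmt.Println(err, errors.Is(err, os.ErrNotExist))
}
```

Because the underlying error is wrapped with `%w`, callers can still distinguish a missing file from a permissions problem with `errors.Is`.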