Cert authentication login problem #5001
Comments
Vault makes no distinction between put and post. That has nothing to do with your problem. Are you going through a proxy or load balancer?
No proxy or load balancer. These work:
This does not:
Does it work with the 0.9.3 CLI?
@jefferai I work with @aaron64. It seems that the CLI is handling errors differently given different options. We finally found out that the encrypted key.pem file was the issue. However, what made us go on a merry-go-round is that the following commands return different error messages which do not relate to the actual issue. 1
Shouldn't the 2
This seems to bypass the ssl certification verification (even though 3
Environment:
1 works for me:
For 2 and 3, note that Vault's CLI does not currently support reading encrypted PEM files. If you want to use them you'll have to log in via some other mechanism like
@jefferai Yes, the CLI does not currently read encrypted PEM files. (Found that out eventually) However, the point here is that when an encrypted PEM IS provided, the error messages are different and not indicative, depending on which flow you are using: environment variables vs argument options. Note that your 2nd command line might return the same error (x509 error) if you were to provide an encrypted PEM file. Hence example 1 vs example 2. It might be a smoking gun for other issues. If you think this should be a separate issue, let me know. The original issue has been solved. Thank you.
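A pre-flight check for the point made in the comments above: the CLI does not read encrypted PEM key files, and the errors it returns do not name that cause. This is an added example, not code from the thread or from Vault; the function names and the sample PEM blocks are constructed for illustration.

```python
import re
import sys

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return [(label, status)] for every PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy OpenSSL keys mark encryption in RFC 1421 headers inside
        # the block; base64 never contains ':', so searching the body is safe.
        legacy = re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M)
        dek = re.search(r"^DEK-Info:\s*([^,\s]+)", body, re.M)
        if label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted (PKCS#8)"
        elif not label.endswith("PRIVATE KEY"):
            status = "not a key"
        elif legacy:
            cipher = dek.group(1) if dek else "unknown cipher"
            status = "encrypted (legacy, %s)" % cipher
        else:
            status = "plaintext key"
        results.append((label, status))
    return results

def key_problem(text):
    """Return why the key file is unusable, or None if it looks fine."""
    blocks = classify_pem(text)
    for label, status in blocks:
        if status.startswith("encrypted"):
            return "%s block is %s; decrypt it before use" % (label, status)
    if not any(status == "plaintext key" for _, status in blocks):
        return "no private key block found"
    return None

# Constructed sample inputs (placeholder bodies, not real key material).
LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
          "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN = ("-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
         "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:
        print(key_problem(fh.read()) or "key file looks usable")
```

Run it with the path of the client key file as the only argument before attempting the cert login.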
If you run command (1) with
Is this still an issue when logging?
Hi, Got the exact same issue. Client cert and Client key are PEM encoded and not encrypted. Still. I ensured that my TLS protected API endpoint certificate can be resolved thanks to The error message is far from being exhaustive as the client cert is effectively correctly provided through -client-cert=client.pem. Any idea for debugging is appreciated. Jeff
Hey @identitymonk can you copy and paste some of your attempts, including the command(s) and error(s) you're getting? Please be sure to obfuscate any sensitive data, but otherwise seeing the full command and error could help here. Thanks!
Hello - we haven't heard back in some time, so we're going to close this issue for now. If you have more information please let us know by opening a new issue, and optionally referencing this one. Thanks!
I had the same issue and resolved by switching from an ALB to NLB in AWS.
Describe the bug
A clear and concise description of what the bug is.
When setting up certificate authentication on vault in an enabled path, the login command errors and logs a PUT command, when everywhere else I have seen it is listed as a POST.
Here is a log from the console:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A successful login, definitely not a PUT header
Environment:
vault status: 0.9.3
vault version: 0.10.4
Vault server configuration file(s):
Additional context
Add any other context about the problem here.
The tutorial at: https://www.vaultproject.io/docs/auth/cert.html is exactly what I was following, the curl command for the same vault command has a POST header when vault has a PUT