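# Builds a four-level test CA hierarchy in Vault's PKI secrets backend:
#
#   pki (root) -> pki1 -> pki2 -> pki3
#
# and registers permissive issuing roles on every level. The common names and
# role names mark this as a test fixture; run it against a fresh dev/test
# Vault only. The CSR and signed-bundle files are written to the current
# directory (pkiN.csr / pkiN.signed); they hold public material only.
#
# `vault mount` and `vault mount-tune` are the older CLI spellings; current
# CLIs call these `vault secrets enable` and `vault secrets tune`.

# Stop at the first failing command. Without this, a failed `vault write`
# still leaves an empty file behind its redirect and the next step would
# submit that empty CSR or certificate. The mount step also fails if the
# paths already exist, so a re-run against the same Vault stops there.
set -eu

# One PKI mount per CA level. The mount-wide lease ceiling is raised to
# 87600h (ten years) so CA certificates can be long-lived; the roles created
# at the end cap leaf certificates separately.
for mount in pki pki1 pki2 pki3; do
  vault mount -path="${mount}" pki
  vault mount-tune -max-lease-ttl=87600h "${mount}"
done

# Root CA. `generate/internal` keeps the private key inside Vault; it is not
# returned to the caller.
vault write pki/root/generate/internal \
  common_name="Vault Testing Root Authority" ttl=87600h

#######################################
# Create an intermediate CA on one mount and have another mount sign it.
# Arguments:
#   $1 - mount that signs (issuer)
#   $2 - mount that receives the new intermediate
#   $3 - common name for the intermediate
#   $4 - TTL of the signed intermediate certificate
# Outputs:
#   writes $2.csr and $2.signed in the current directory
#######################################
issue_intermediate() {
  local issuer=$1
  local child=$2
  local cn=$3
  local ttl=$4

  # NOTE(review): -field already selects a single value; confirm on your CLI
  # version that combining it with -format=json still yields raw PEM rather
  # than a JSON-quoted string.
  vault write -format=json -field=csr \
    "${child}/intermediate/generate/internal" common_name="${cn}" \
    > "${child}.csr"

  # The signing endpoint is named root/sign-intermediate on every PKI mount;
  # it signs with whatever CA key the issuer mount holds.
  vault write -format=json -field=certificate \
    "${issuer}/root/sign-intermediate" \
    csr=@"${child}.csr" ttl="${ttl}" format=pem_bundle \
    > "${child}.signed"

  vault write "${child}/intermediate/set-signed" \
    certificate=@"${child}.signed"
}

# Each level gets a TTL 100h shorter than its issuer (87600h root, then
# 87500h / 87400h / 87300h) so no CA certificate outlives the one above it.
issue_intermediate pki  pki1 "Vault Testing Intermediate Authority"         87500h
issue_intermediate pki1 pki2 "Vault Testing Intermediate Sub Authority"     87400h
issue_intermediate pki2 pki3 "Vault Testing Intermediate Sub Sub Authority" 87300h

# Roles.
# allow_any_name=true with enforce_hostnames=false places no restriction on
# the requested names: any token allowed to issue from these roles can get a
# certificate for any name, chained to this root. max_ttl=1h is the only
# limit. Suitable for tests; a production role would be scoped with
# allowed_domains and a narrow policy.
# The `test` role on `pki` issues leaf certificates directly from the root
# key, which is also a test-only convenience.
for mount in pki pki1 pki2 pki3; do
  vault write "${mount}/roles/test" \
    allow_any_name=true enforce_hostnames=false max_ttl=1h
done

# Same permissive settings, but issuing 256-bit EC keys (intermediates only).
for mount in pki1 pki2 pki3; do
  vault write "${mount}/roles/test_ec" \
    key_type=ec key_bits=256 \
    allow_any_name=true enforce_hostnames=false max_ttl=1h
done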