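  # Vault PKI test fixture: builds a four-level CA chain inside one Vault
  # server (root -> intermediate -> sub -> sub-sub) and adds permissive
  # issuing roles on every level. The "Vault Testing ..." common names mark
  # this as a lab setup; see the security notes at each step before reusing
  # any of it elsewhere.
  #
  # Requires: an unsealed Vault, VAULT_ADDR/VAULT_TOKEN set, and a token
  # allowed to mount backends and write to pki*/.
  # Side effects: writes pkiN.csr and pkiN.signed into the current directory
  # (CSRs and certificates only; no private keys are written by this script).
  #
  # NOTE(review): `vault mount` / `vault mount-tune` are the older CLI
  # spellings; newer CLI releases use `vault secrets enable` and
  # `vault secrets tune`. Kept as written so the script still matches the
  # CLI it was authored against.

  # Stop at the first failing command. Without this, a failed CSR or signing
  # call leaves an empty file behind and the following step submits it.
  set -eu

  # One PKI backend per CA level. All levels live in the same Vault, so a
  # compromise of this server exposes the whole chain, root included.
  vault mount pki
  for mount in pki1 pki2 pki3; do
    vault mount -path="${mount}" pki
  done

  # Raise the mount-level lease ceiling to 87600h (10 years) so the CA
  # certificates below can be issued with multi-year TTLs.
  for mount in pki pki1 pki2 pki3; do
    vault mount-tune -max-lease-ttl=87600h "${mount}"
  done

  # Self-signed root. The "internal" type keeps the private key inside Vault;
  # it is never returned to the caller.
  vault write pki/root/generate/internal common_name="Vault Testing Root Authority" ttl=87600h

  #######################################
  # Create an intermediate CA on one mount and have a parent mount sign it.
  # Arguments:
  #   $1 - parent mount that signs the CSR
  #   $2 - child mount that becomes the intermediate
  #   $3 - common name for the intermediate certificate
  #   $4 - TTL for the signed intermediate certificate
  # Outputs:
  #   Writes <child>.csr and <child>.signed in the current directory.
  #######################################
  build_intermediate() {
    local parent=$1
    local child=$2
    local cn=$3
    local ttl=$4

    # NOTE(review): -format=json is combined with -field here; confirm that
    # your CLI version still emits the raw PEM value rather than a
    # JSON-quoted string, otherwise the files below will not parse.
    vault write -format=json -field=csr "${child}/intermediate/generate/internal" common_name="${cn}" > "${child}.csr"
    [ -s "${child}.csr" ] || { printf 'empty CSR for %s\n' "${child}" >&2; exit 1; }

    vault write -format=json -field=certificate "${parent}/root/sign-intermediate" csr=@"${child}.csr" ttl="${ttl}" format=pem_bundle > "${child}.signed"
    [ -s "${child}.signed" ] || { printf 'empty signed certificate for %s\n' "${child}" >&2; exit 1; }

    vault write "${child}/intermediate/set-signed" certificate=@"${child}.signed"
  }

  # Each level gets a TTL 100h shorter than its signer, so no CA certificate
  # is requested with a lifetime longer than the CA that signs it.

  # Intermediate Authority
  build_intermediate pki pki1 "Vault Testing Intermediate Authority" 87500h

  # Intermediate Sub Authority
  build_intermediate pki1 pki2 "Vault Testing Intermediate Sub Authority" 87400h

  # Intermediate Sub Sub Authority
  build_intermediate pki2 pki3 "Vault Testing Intermediate Sub Sub Authority" 87300h

  # Roles
  # allow_any_name=true with enforce_hostnames=false places no restriction on
  # the requested names: any token that can use these roles can obtain a
  # certificate for an arbitrary identity. Acceptable only for throwaway test
  # chains. Outside a lab, scope roles with allowed_domains /
  # allow_subdomains and limit who can reach the issue endpoints by policy.
  # The role on "pki" also lets leaf certificates be issued directly by the
  # root; production hierarchies normally issue from an intermediate only.
  # max_ttl=1h bounds how long any certificate issued this way stays valid.
  for mount in pki pki1 pki2 pki3; do
    vault write "${mount}/roles/test" allow_any_name=true enforce_hostnames=false max_ttl=1h
  done

  # Same permissive roles, issuing EC P-256 keys instead of the default type.
  for mount in pki1 pki2 pki3; do
    vault write "${mount}/roles/test_ec" key_type=ec key_bits=256 allow_any_name=true enforce_hostnames=false max_ttl=1h
  done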