Vault: Error fetching ca certificate

Created on 11 Jan 2016 · 3Comments · Source: hashicorp/vault

I want to get CA certificate from the vault but get an error in response to API call.

$ vault read rootpki/ca/pem
Error reading rootpki/ca/pem: invalid character '-' in numeric literal

Environment

$ vault version
Vault v0.4.0
$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
$ uname -a
Linux localhost.localdomain 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Source

lexsys27

Most helpful comment

Hi @lexsys27

As noted in the documentation for that endpoint:

Retrieves the CA certificate in raw DER-encoded form. This is a bare endpoint that does not return a standard Vault data structure.

You want to be using rootpki/cert/ca.

jefferai on 11 Jan 2016

🎉3

All 3 comments

Hi @lexsys27

As noted in the documentation for that endpoint:

Retrieves the CA certificate in raw DER-encoded form. This is a bare endpoint that does not return a standard Vault data structure.

You want to be using rootpki/cert/ca.

jefferai on 11 Jan 2016

🎉3

If /pem is added to the endpoint, the CA certificate is returned in PEM format.

Doesn't this change format to pem?

lexsys27 on 13 Jan 2016

PEM is still not a format parseable by the Vault CLI. If using the Vault CLI you must use the endpoint I indicated.

jefferai on 13 Jan 2016

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Kerberos: matching key not found in keytab

pbolle · 3Comments

Getting Errors running go get github.com/hashicorp/vault/api

weisinc · 3Comments

mysql secrets- is too long for user name (should be no longer than 16)

dwdraju · 3Comments

Feature request: Amazon CloudWatch logs audit backend

mfischer-zd · 3Comments

Unable to create client certificate with "Firstname Lastname" as CN

frntn · 3Comments