Is there any way to allow the use of self-signed certificates when using the HTTP API?
I currently get this response when trying to run "vault status":
certificate signed by unknown authority
For my private organization a self-signed certificate is sufficient and just as secure as one signed by an actual authority. It would be nice to be able to interact with the vault server regardless of signing authority.
Hi @certifiedloud
If you do not want to add the self-signed cert to your local system, you can skip TLS verification. However, this reduces security. I would recommend installing the cert onto your system instead.
Works for me, thanks!
@certifiedloud You can also use the -ca-cert flag for most CLI commands!
Ah! Good to know. Thanks.
Adding the Certificate on RHEL
update-ca-trust enable
cp /etc/vault/ssl/certs/vault.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
vault status
On Ubuntu 16.04
Assuming you have the certificate in your home directory:
sudo su
mkdir /usr/share/ca-certificates/vault
cp /home/ubuntu/vault-ca.crt /usr/share/ca-certificates/vault/vault-ca.crt
echo "vault/vault-ca.crt" >> /etc/ca-certificates.conf
update-ca-certificates
vault status
The above instructions (for example, @sprutner's) should really make it into the official documentation.
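The advice in this thread (trust the certificate rather than skip verification), as an added Go example that is not part of the original thread or of Vault's code. A local test server using Go's built-in test certificate stands in for a Vault listener with a self-signed certificate, and the helper names (`newServer`, `certPEM`, `get`, `isUnknownAuthority`) are assumptions. A client whose trust pool lacks the certificate fails with the error quoted in the question; adding the certificate's PEM to the pool lets the same request succeed with verification still on.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newServer starts a local HTTPS server with Go's test certificate (constructed stand-in).
func newServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {}))
}

// certPEM returns the server certificate as PEM, like the contents of a vault.crt file.
func certPEM(srv *httptest.Server) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

// get requests url with verification on, trusting only the certificates in caPEM.
func get(url string, caPEM []byte) (int, error) {
	pool := x509.NewCertPool()
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return 0, errors.New("no certificate found in PEM input")
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
	resp, err := client.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// isUnknownAuthority reports whether err is "certificate signed by unknown authority".
func isUnknownAuthority(err error) bool {
	return errors.As(err, new(x509.UnknownAuthorityError))
}

func main() {
	srv := newServer()
	defer srv.Close()
	_, errUntrusted := get(srv.URL, nil)           // pool without the certificate
	code, errTrusted := get(srv.URL, certPEM(srv)) // certificate added as a trusted root
	fmt.Println(isUnknownAuthority(errUntrusted), code, errTrusted)
}
```

Because only the one certificate is trusted, a different certificate presented at the same address is still rejected, which is what skipping verification gives up.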