Comments (10)
@sfortuna did you execute `vault secrets enable` and, if so, did you specify `-path=venafi-pki` when you did? https://www.vaultproject.io/docs/commands/secrets/enable.html
from vault-pki-backend-venafi.
Yes, I was able to complete steps 1-10 in the quickstart guide. The error occurs when running this command in step 11:
vault write venafi-pki/sign/tpp-backend [email protected]
https://github.com/Venafi/vault-pki-backend-venafi
from vault-pki-backend-venafi.
Hi @sfortuna, on what platform are you running venafi-pki? Could you share the vault logs?
from vault-pki-backend-venafi.
RHEL
2019-07-26T12:50:11.028-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle existence check: transport=gRPC path=sign/tpp-backend status=started
2019-07-26T12:50:11.029-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle existence check: transport=gRPC path=sign/tpp-backend status=finished err="unsupported path" took=906.75µs
2019-07-26T12:50:11.029-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle request: transport=gRPC path=sign/tpp-backend status=started
2019-07-26T12:50:11.030-0400 [TRACE] secrets.venafi-pki-backend.venafi-pki-backend_28bddf70.venafi-pki-backend: handle request: transport=gRPC path=sign/tpp-backend status=finished err="unsupported path" took=993.667µs
from vault-pki-backend-venafi.
@sfortuna would you please send the full sequence of commands you executed for steps 1-10 and your vault config file to [email protected] so we can attempt to reproduce the issue in our lab? Please redact any sensitive information and also confirm that you are using Vault version 0.12 with version 0.5.1 of the vault-pki-backend-venafi plugin.
from vault-pki-backend-venafi.
We are using vault v 1.1.1 and venafi 0.4.1
from vault-pki-backend-venafi.
Here are the commands with personal information removed:
1. unzip venafi-pki-backend_0.4.1+385_linux86.zip
2. mv venafi-pki-backend /path/to/vault/vault_plugins
3. vi vault_server_config.json
4. export VAULT_ADDR=https://{fqdn}:8200
5. SHA256=$(shasum -a 256 /path/to/vault/vault_plugins/venafi-pki-backend | cut -d' ' -f1)
6. vault write sys/plugins/catalog/secret/venafi-pki-backend sha_256="${SHA256}" command="venafi-pki-backend"
7. vault secrets enable -path=venafi-pki -plugin-name=venafi-pki-backend plugin
8. vault write venafi-pki/roles/tpp-backend \
    tpp_url="https://tpp.venafi.example:443/vedsdk" \
    tpp_user="admin" \
    tpp_password="password" \
    zone="DevOps\Vault Backend" \
    trust_bundle_file="/opt/venafi/bundle.pem" \
    generate_lease=true store_by_cn=true store_pkey=true store_by_serial=true ttl=1h max_ttl=1h \
    allowed_domains=example.com \
    allow_subdomains=true
9. vault write venafi-pki/issue/tpp-backend common_name="test.example.com"
cat <<EOF > csr.conf
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = test-csr-32313131.vfidev.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = alt1-test-csr-32313131.vfidev.com
DNS.2 = alt2-test-csr-32313131.vfidev.com
EOF
openssl req -new -config csr.conf -keyout myserver.key -out myserver.csr -passin pass:somepassword -passout pass:anotherpassword
10. vault write venafi-pki/sign/tpp-backend [email protected]
from vault-pki-backend-venafi.
Thank you @sfortuna. We first added support for signing CSRs in version 0.4.2 of our plugin, so that's most likely the source of your problem. Any version higher than the one you are using should work, but we recommend the latest (0.5.1).
from vault-pki-backend-venafi.
@tr1ck3r Thanks, we've updated to version 0.5.1 but are still experiencing the same issue. We are still able to complete steps 1-10 in the guide but not 11.
from vault-pki-backend-venafi.
Hello, this was an issue with our CA configuration. Thanks.
from vault-pki-backend-venafi.