CA_with_Hashicorp_Vault

Root CA

Enable the PKI secrets engine at the path pki:

vault secrets enable -path=pki pki

Set the maximum certificate validity (max lease TTL) for this mount to 87600h (10 years):

vault secrets tune -max-lease-ttl=87600h pki

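Generate the root CA and save its certificate to a file. With the "internal" type the private key is generated inside Vault and is never returned, so only the public certificate is written to disk:

vault write -field=certificate pki/root/generate/internal common_name="Taeschnix CA2" ttl=87600h > CA2_cert.crt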

Intermediate

vault secrets enable -path=pki_int pki

vault secrets tune -max-lease-ttl=43800h pki_int

vault write -format=json pki_int/intermediate/generate/internal common_name="fritz.box" | jq -r '.data.csr' > pki_intermediate.csr

vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr format=pem_bundle ttl="43800h" | jq -r '.data.certificate' > intermediate.crt

vault write pki_int/intermediate/set-signed certificate=@intermediate.crt

Create a role

vault write pki_int/roles/fritz-box allowed_domains="fritz.box" allow_subdomains=true max_ttl="5927h"

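Issue a wildcard certificate from the role. Note that the requested ttl (5928h) is one hour above the role's max_ttl (5927h), so Vault will not grant the full requested lifetime; request a ttl at or below max_ttl. The response contains the certificate's private key, which Vault does not store: save it to a file with restrictive permissions instead of leaving it in terminal output or shell logs.

vault write pki_int/issue/fritz-box common_name="*.fritz.box" ttl="5928h"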