added CA to pem bundle

This commit is contained in:
Bertrand Lanson 2023-04-18 21:50:21 +02:00
parent db8f25992f
commit 2dd7548727
3 changed files with 11 additions and 6 deletions

View File

@ -13,7 +13,6 @@ renew_vault_certificates_info:
issuer_path: pki/issue/your-issuer
common_name: vault01.example.com
ttl: 90d
include_localhost: true
include_consul_service: false
include_consul_service: true
renew_vault_certificates_consul_service_name: vault.service.consul
renew_vault_certificates_start_service: false

View File

@ -1,3 +1,7 @@
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}"{% if renew_vault_certificates_info['include_consul_service'] %} "alt_names={{ renew_vault_certificates_consul_service_name }}" "alt_names=active.{{ renew_vault_certificates_consul_service_name }}" "alt_names=standby.{{ renew_vault_certificates_consul_service_name }}"{% endif %}{% if renew_vault_certificates_info['include_localhost'] %} "alt_names=localhost" "ip_sans=127.0.0.1"{% endif %}{% raw %} }}{% endraw %}
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
{% raw %}{{ .Data.certificate }}{% endraw %}
{% raw %}{{ .Data.issuing_ca }}{% endraw %}
{% raw %}{{ end }}{% endraw %}

View File

@ -1,3 +1,5 @@
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name']}}" "ttl={{ renew_vault_certificates_info['ttl']}}" {% if renew_vault_certificates_info['include_localhost']%}"alt_names=localhost" "ip_sans=127.0.0.1" {% endif %}{% raw %}}}{% endraw %}
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
{% raw %}{{ .Data.private_key }}{% endraw %}
{% raw %}{{ end }}{% endraw %}