I created a CA in Vault to issue my certificate. I followed this guide: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine
I am trying to generate a client certificate with Vault's pki secrets engine and then log in to Vault using the cert auth method with this command:
vault login -address=https://xxx.xxx.xxx.xxx:8200 -tls-skip-verify -method=cert -ca-cert=cacert.pem -client-cert=cert.pem -client-key=key.key name=vaultclnt
I get the error:
Error authenticating: Error making API request.
URL: PUT https://xxx.xxx.xxx.xxx:8200/v1/auth/cert/login Code: 400. Errors:
CERT INFO:
Private key type rsa
Serial number 48:86:f5:7a:39:69:9a:cd:05:ab:19:b8:cd:96:86:92:bc:07:51:e7