I have created a CA in Vault to handle my certificate creation. I've followed this guide here: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine
I am trying to generate a client certificate using the pki secrets engine in Vault and then logging into Vault Using the cert auth method via this command:
vault login -address=https://xxx.xxx.xxx.xxx:8200 -tls-skip-verify -method=cert -ca-cert=cacert.pem -client-cert=cert.pem -client-key=key.key name=vaultclnt
The error I'm getting:
Error authenticating: Error making API request.
URL: PUT https://xxx.xxx.xxx.xxx:8200/v1/auth/cert/login Code: 400. Errors:
- invalid certificate or no client certificate supplied
CERT INFO:
Certificate -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIUSIb1ejlpms0Fqxm4zZaGkrwHUecwDQYJKoZIhvcNAQEL BQAwFjEUMBIGA1UEAxMLdmVyaXpvbi5jb20wHhcNMjAwNjEwMTQ1MTEzWhcNMjAw NjExMjA1MTQzWjAvMS0wKwYDVQQDEyRydmFwYXJ2bmRzdmx0Y2xudDAxLmNzZnAu dmVyaXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW2Fuk 9UADhU6esnuaP/aFdM9CtPnKgVCoWQwF7H3u6hybDxT1W3ko82pdlR0YNVSLCKTU B/tNLPhAmuRNbBW1Kdr2ukQvklAss5c5WPmtzz3iKFQOWP9vQMDvCMSl5MnPKlnx Rd9yykASxXFxRUegMPxiMiToeJmPZ1MiWchuqU984QAx6/SEERiTYisfOpkpJprM VHhjLU9PG3Uq6gxmyjBoDDJSv+TNV7dGGx29xgZR9uOn/zoYUNaVG0/I5cXXnk9x p+g+IvZQ4KMkfPMtoUgx1vyRupYquIO05pUb90Pb4t2SQGL0xDl7XYunqvWtjfd3 jEEoGNN5z/AdsS+BAgMBAAGjgaMwgaAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUlFD6CgESvEzYXK/uuCgp EFo2gZIwHwYDVR0jBBgwFoAULKme72CcD/zEX5a4CsIBeg28XTwwLwYDVR0RBCgw JoIkcnZhcGFydm5kc3ZsdGNsbnQwMS5jc2ZwLnZlcml6b24uY29tMA0GCSqGSIb3 DQEBCwUAA4IBAQBdRdbwTkCcZ0HqOrhpnYE5Ss+M9Q00zlRpdqWFyBAnhR4kKGDt NCxgOdeXOE1N7buXkOQY60nemUiQsYU/5cZJyofoLv9WgAC0wnKv+8KbjX6SMte1 Fmsh6xK+S0NPY6jQU1r4JfaUoHlleDeC26BWXTWF/h7kCZMFKJ/YSAvCm6lck55u hG7xlQRaH9b5T2oZr6NX2VixLDzDcHK0T6pId+lLSWHhGG6urvxVOqL0gF/e1D0q Oos2CFHSkq+RvcFvhLbGbp5BvWMvrBpP/FO8k0CiEwklMStVB+OlKfrvgkXXRFhX RNBneFRPPUn/352Ao8SRDx5/KHVKpU8n3NxL -----END CERTIFICATE-----
Issuing CA -----BEGIN CERTIFICATE----- MIIDqTCCApGgAwIBAgIUCGxptoHCke0n87cAY4FHamGo+ecwDQYJKoZIhvcNAQEL BQAwFjEUMBIGA1UEAxMLdmVyaXpvbi5jb20wHhcNMjAwNjA5MTYyNjIwWhcNMzAw NjA3MTYyNjUwWjAWMRQwEgYDVQQDEwt2ZXJpem9uLmNvbTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMWs16u1gzycDqgaDYWRyeQqoQCnnvS+fJiMQ558 umfRq/03M7wZxnKbmw6qTIKjz/5wEleAhz3+ogViSdkgwashMExuognqudhpMQKL uXIUetLoa8NYQ6C2TSb1ha7+Q3qzvfQpxOp4tfMI9Zr6Jctee9D3qKkYMaQtMIz+ eGKSj9U0AkVTKVeMUASMArAwvbwOHA4dCajZUpIQN5VS996j7PGDU/kx07bIGGCI klbnx9CNXI5ZEGxy/lpeQNzsiautcTf0S4fyaxwj7m4MKd4erzK5+mpIS9IzERHf IPfAvJKvnIoB4JpcE2hrap/MjGPj+wXr+iMI9qJwsMrpJFMCAwEAAaOB7jCB6zAO BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULKme72Cc D/zEX5a4CsIBeg28XTwwHwYDVR0jBBgwFoAUmyRowx9E0bLThf6Y0o3dhHKamOgw PAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwczovLzEyNy4wLjAuMTo4 MjAwL3YxL3BraS9jYTAWBgNVHREEDzANggt2ZXJpem9uLmNvbTAyBgNVHR8EKzAp MCegJaAjhiFodHRwczovLzEyNy4wLjAuMTo4MjAwL3YxL3BraS9jcmwwDQYJKoZI hvcNAQELBQADggEBAIsIycTrjSQeJCxUrjcMAzEQHN/K8ReBliStUTe/Y1MgUApx ebR8jueuq8ZwJEhTgbSJFjymQ8BHdNWLEEXNeGJj3TwsgDm21c6jG/ZA/8nFqpT7 nob+uGeDTJeCoj07bJjOKGCGxkZfPK+u6fD7v7zYNVRlYHg5bHsgTrA3PlOgdeL4 aFXwRoqtRXcnvblb5VKig9Big2wpkCldDRGzfIcKVc02JsF5X3KNKQGHrL1Fdk38 X+qWBJ0VpbbnmIwR5Rk3wI437cyy/y3eyWs7LmXgOyA6JGfh4+8rIW+Br9+Nf6n2 QUf/v5dl2jvxwNtnnM2xoM1BdbZq6p7xKiIR1rg= -----END CERTIFICATE-----
CA chain -----BEGIN CERTIFICATE----- MIIDqTCCApGgAwIBAgIUCGxptoHCke0n87cAY4FHamGo+ecwDQYJKoZIhvcNAQEL BQAwFjEUMBIGA1UEAxMLdmVyaXpvbi5jb20wHhcNMjAwNjA5MTYyNjIwWhcNMzAw NjA3MTYyNjUwWjAWMRQwEgYDVQQDEwt2ZXJpem9uLmNvbTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMWs16u1gzycDqgaDYWRyeQqoQCnnvS+fJiMQ558 umfRq/03M7wZxnKbmw6qTIKjz/5wEleAhz3+ogViSdkgwashMExuognqudhpMQKL uXIUetLoa8NYQ6C2TSb1ha7+Q3qzvfQpxOp4tfMI9Zr6Jctee9D3qKkYMaQtMIz+ eGKSj9U0AkVTKVeMUASMArAwvbwOHA4dCajZUpIQN5VS996j7PGDU/kx07bIGGCI klbnx9CNXI5ZEGxy/lpeQNzsiautcTf0S4fyaxwj7m4MKd4erzK5+mpIS9IzERHf IPfAvJKvnIoB4JpcE2hrap/MjGPj+wXr+iMI9qJwsMrpJFMCAwEAAaOB7jCB6zAO BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULKme72Cc D/zEX5a4CsIBeg28XTwwHwYDVR0jBBgwFoAUmyRowx9E0bLThf6Y0o3dhHKamOgw PAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwczovLzEyNy4wLjAuMTo4 MjAwL3YxL3BraS9jYTAWBgNVHREEDzANggt2ZXJpem9uLmNvbTAyBgNVHR8EKzAp MCegJaAjhiFodHRwczovLzEyNy4wLjAuMTo4MjAwL3YxL3BraS9jcmwwDQYJKoZI hvcNAQELBQADggEBAIsIycTrjSQeJCxUrjcMAzEQHN/K8ReBliStUTe/Y1MgUApx ebR8jueuq8ZwJEhTgbSJFjymQ8BHdNWLEEXNeGJj3TwsgDm21c6jG/ZA/8nFqpT7 nob+uGeDTJeCoj07bJjOKGCGxkZfPK+u6fD7v7zYNVRlYHg5bHsgTrA3PlOgdeL4 aFXwRoqtRXcnvblb5VKig9Big2wpkCldDRGzfIcKVc02JsF5X3KNKQGHrL1Fdk38 X+qWBJ0VpbbnmIwR5Rk3wI437cyy/y3eyWs7LmXgOyA6JGfh4+8rIW+Br9+Nf6n2 QUf/v5dl2jvxwNtnnM2xoM1BdbZq6p7xKiIR1rg= -----END CERTIFICATE-----
Private key -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAlthbpPVAA4VOnrJ7mj/2hXTPQrT5yoFQqFkMBex97uocmw8U 9Vt5KPNqXZUdGDVUiwik1Af7TSz4QJrkTWwVtSna9rpEL5JQLLOXOVj5rc894ihU Dlj/b0DA7wjEpeTJzypZ8UXfcspAEsVxcUVHoDD8YjIk6HiZj2dTIlnIbqlPfOEA Mev0hBEYk2IrHzqZKSaazFR4Yy1PTxt1KuoMZsowaAwyUr/kzVe3RhsdvcYGUfbj p/86GFDWlRtPyOXF155PcafoPiL2UOCjJHzzLaFIMdb8kbqWKriDtOaVG/dD2+Ld kkBi9MQ5e12Lp6r1rY33d4xBKBjTec/wHbEvgQIDAQABAoIBAH3brbNX8X4+hteA ggK0ZaL6UEgPKe+dr8eW7KIwrO5fpVh23/zLwq65UkEcvjbJoG2U27oRosrEv6lf 0ycKDJ6oeoqr5WJvyLdTbNSreT9dD/wXu/JwrUeNFq0aesETwJI6eusFaqejOoyu 8rUYoed1l87ymbrhjPaKtmGN2d8B22Lcz+w7Ug1V0vzEPE9vDJpKNfy6rd9kJTM2 1SNFOe72AVebj06M34YViyd+XhZvDFhuqu2ytHRnTbPlhOgTnfGA28bDJr1fXW70 w/ojNMPS9tCUJQKeisgDTKCMcLujGQHPUER388A5uOtGi6sFrVBPhldegumx8tKf MXu9RLECgYEAxfwqDDC2mWnk4vTs807ZgsTHIYLTzsAcxeS1hrh/c40qo9QAAl8e WMr8no8vswa/uMFuz6vvDGRQF3gx2K5V4Eiw4pK5/4ATlNeam5uJ91qMzEP83Nc7 uVmBgQuXFB+vqHlHD99Xj4Cnfq/6J8644KzJVJYuinlT3qbaUn7w5m0CgYEAwwv/ vGBmeGIZJOEPBok01Mks7JaaNTZPAuPWLGw8HvJ28X6AvRXu2czuwsqHXvNk/cuo G8q/dewqbCqU3PmI8b1Rv4OSLG/1oKzXbxg3uIn8ZM28XBAKqmSK+6iDrOZB/srJ +VyFkEZoQkOfGJO9OCrUSe7n/uIFRDRL7B5VUOUCgYA04D7emJf76xMtJhqudI2U 5jcElSs6WYaVt5pfi6DGXJpZvMHv4DV7o2LKehVUK+ZCUq7kmdezKItXaUtuwki/ KMrNCEDSowMXymlJS8YSIMXfu/ypgnY571SuAUltH3VLenBnJc/9zG9vX1JhFU28 +4idpapyYyrqGQfP5oUyFQKBgQC3AKEX7BL4zIHu+kMQzNeG9qJx8PQLDUOg4Iho 8byPBMvY1eqQfu216PP0S/Yrfo65GcZHHTn6uHUtO96kXnTA6/KxkA8sJnf+I22W zNArEzx+kBI1BtAbA27rpDa3mOs+1qIel1KyBX14/t1dP/D/rB+2prOBkCuEzNSX W/aMiQKBgA5JC0jBL9+Guq0iB2LaBKElW84CfZcQ70fnqCtfijJdY1phBBpqEyOc dtX2q6KnmcSH58SFkX3qRBEryOvUKHkkuZi/sjmH3yrqiWeuQP9WUjSp3RuaLyOI btHpD/NaI2f1VJjiPoX+bU+5q4HXKjYBTIDqURCpdA8dzoNFClvP -----END RSA PRIVATE KEY-----
Private key type rsa Serial number 48:86:f5:7a:39:69:9a:cd:05:ab:19:b8:cd:96:86:92:bc:07:51:e7
