Document when the vault pki role required setting `require_cn=false` #955

wallrj · 2022-04-28T15:28:10Z

I fixed this by setting require_cn=false in my vault pki role [also i recently updated to vault v1.10.0]:

vault write pki_int/roles/dc \
    allowed_domains=dc \
    allow_subdomains=true \
    require_cn=false \
    max_ttl=72h

Originally posted by @Nold360 in cert-manager/cert-manager#4965 (comment)

The text was updated successfully, but these errors were encountered:

abvijaykumar · 2022-11-01T04:03:24Z

Hi I am getting the following error

"Vault failed to sign certificate: failed to sign certificate by vault: Error making API request. URL: POST http://vault.default:8200/v1/pki/sign/mysite-dot-com Code: 400. Errors: * subject alternate name mysite.com not allowed by this role"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Document when the vault pki role required setting `require_cn=false` #955

Document when the vault pki role required setting `require_cn=false` #955

wallrj commented Apr 28, 2022

abvijaykumar commented Nov 1, 2022

Document when the vault pki role required setting require_cn=false #955

Document when the vault pki role required setting require_cn=false #955

Comments

wallrj commented Apr 28, 2022

abvijaykumar commented Nov 1, 2022

Document when the vault pki role required setting `require_cn=false` #955

Document when the vault pki role required setting `require_cn=false` #955