Display certificate details in the Web UI #4724
Comments
|
I would recommend implementing a view as here: https://silvrback.s3.amazonaws.com/uploads/66cc69df-eb09-4821-adbe-2570bfb7536e/Screen%20Shot%202014-07-10%20at%2016.08.04_large.png Use case:
|
|
Just the subject, issuer, validity and SANs would already be very helpful |
|
Our use case for this is client certificates. We used Vault as the issuing CA for an IKEv2 VPN deployment, so one client cert per VPN user. Currently, we generate them via python's hvac library and essentially output a csv that maps the user's email to the certificate serial number so that it is easy to find the right cert for revocation later on. Obviously it would be preferable if at least the subject line was available from within the vault GUI! |
|
Agreed. For me, subject in the list of certs is much more useful than serial number. Also, the state of the cert (expired, revoked, etc), is very useful. |
|
+1 |
|
Browsing around in the code, the UI code that selects which attributes are shows appears to be in vault/ui/app/adapters/pki-certificate.js Lines 24 to 38 in 0223f59 I don't have the time at hand now to do something about it but it's already a pointer |
|
1 similar comment
|
|
These are the universal passwords of WhatsApp Messenger |
|
|
Just the subject, issuer, validity and SANs would already be very helpful |
|
These are the universal passwords of WhatsApp Messenger |
|
Looks like resolved in 1.9? https://www.vaultproject.io/docs/release-notes/1.9.0#pki-certificate-metadata |
|
Interestingly, it does — but only after you create a new cert. As in, I just updated my dev tier to 1.9.0, and didn't see any of the additional information about my existing certs listed in the interface. I then created a new cert, and after creating it, I could see the new information in the interface, for the new cert and for all the existing certs. |
|
@delfuego do you have more information on that? Configuration, etc? Is that something you can reproduce? The parsing in the UI is from what's returned from the API, so it should be something that works with both old and new certs. |
|
@hsimon-hashicorp I unfortunately don't — I upgraded my dev tier already, and don't have another tier immediately ready to be upgraded that I could further test this on. It's truly weird, though, I agree! |
hsimon-hashicorp
added
the
community-sentiment
|
This seems resolved since 1.9.x - @jwarnier have you retested this since raising this issue and do you agree that it can now be closed? |
|
Hi,
There's confusion between:
1) Being able to see details on a certificate by clicking the serial number
in the overview (at
/ui/vault/secrets/pki_int/show/cert/29:80:69:3a:92:aa:aa:13:c1:dd:90:f9:24:15:51:15:98:55:f8:6c,
for example in engine pki_int).
2) Having things like the Common name and expiration date of each
certificate in the overview screen
(at /ui/vault/secrets/pki_int/list?tab=certs for example, for engine
pki_int)
I confirm 1) is implemented but 2) is not, as of Vault 1.11.3.
Hope this helps.
Cheers
Joris
…On Mon, Sep 12, 2022 at 11:43 PM aphorise ***@***.***> wrote:
This seems resolved since 1.9.x - @jwarnier <https://github.com/jwarnier>
have you retested this since raising this issue and do you agree that it
can now be closed?
—
Reply to this email directly, view it on GitHub
<#4724 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AATHBKOIMSLLUZAXJ3VR7B3V56PZFANCNFSM4FEAK2UQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
May be related to PR: #17236 - that includes additional certificate details in the Secrets / PKI overview listing. |
|
Hi there! Thank you all for this request! 😄 Here to confirm that parsing certificate data was added to the UI in 1.9 PR here and more certificate details are surfaced in the PKI beta UI released in 1.13 #18737 (see PR for screenshots) Because there can be millions of certificates, we’re unable to show any certificate details in the |
Is your feature request related to a problem? Please describe.
It would be great if Vault UI displayed the details of a certificate, such as the output of "openssl x509 -in file.pem -noout -text", instead of just showing it in PEM format.
Example URL where it happens:
https://localhost:8200/ui/vault/secrets/user-pki/show/cert/63-a8-57-b2-40-69-72-61-df-7c-c9-2f-e8-da-4a-5f-3b-d8-1b-f5
Describe the solution you'd like
Ideally, I'd like the details of the certificate to show on an alternate page (with a link between both), let's say, for e.g.:
https://localhost:8200/ui/vault/secrets/user-pki/show/cert**-details**/63-a8-57-b2-40-69-72-61-df-7c-c9-2f-e8-da-4a-5f-3b-d8-1b-f5
Describe alternatives you've considered
Alternatively, it could show this on the same page, but I fear it would easily become unreadable on any screen.
Explain any additional use-cases
My issue here was mainly to determine the issue and expiry dates of certificates, so was forced to dump the PEM and read it with openssl. This could be avoided with more details in the Web UI.
The text was updated successfully, but these errors were encountered: