What is the value returned with vault read keyfactor/cert/<serial number>
fredwlau opened this issue · 1 comments
The example is showing what looks to be a PEM Base64 encoded certificate but when I try
vault read keyfactor/cert/<serial number>
in our dev environment and then try to read the certificate with openssl it is not valid.
It's also different than the response payload from
vault write keyfactor/issue/<role>
which responds with the leaf, issuing, and private key entries separately.
Upon further inspection it looks like the returned response from
vault read keyfactor/cert/<serial number>
is a Base64-encoded PEM Base64 certificate, which means it was originally a well-formatted PEM certificate with header and footer, and then it was Base64 encoded again, and then an additional header and footer were appended to it.
Stripping the header and footer from the vault response and then running
cat stripped.pem | base64 -d | openssl x509 -text
provides a correct parsing. Is it intentional to Base64-encode an already PEM-encoded certificate?
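A client that consumes this response can detect and peel the redundant PEM layer before handing the certificate to a parser. The following is an added example, not code from the plugin or from the issue author; the function names are hypothetical and the sample input is a constructed ASN.1 SEQUENCE, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def to_pem(data, label="CERTIFICATE"):
    """Wrap bytes in PEM armor (used here only to build the sample input)."""
    b64 = base64.b64encode(data).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_payload(text):
    """Base64-decode the body of the first PEM block found in text."""
    match = PEM_RE.search(text)
    if match is None:
        raise ValueError("no PEM armor found")
    return base64.b64decode("".join(match.group(2).split()), validate=True)

def normalize_certificate(text, max_layers=3):
    """Return (der_bytes, redundant_layers_removed) for a possibly re-wrapped PEM."""
    layers = 0
    payload = pem_payload(text)
    while payload.startswith(b"-----BEGIN "):
        # The decoded body is itself PEM text: this layer was redundant.
        layers += 1
        if layers > max_layers:
            raise ValueError("too many nested PEM layers")
        payload = pem_payload(payload.decode("ascii"))
    if payload[:1] != b"\x30":
        # DER certificates are an ASN.1 SEQUENCE, which starts with 0x30.
        raise ValueError("decoded payload is not a DER SEQUENCE")
    return payload, layers

# Constructed sample: a tiny ASN.1 SEQUENCE standing in for certificate DER.
SAMPLE_DER = b"\x30\x0a\x02\x01\x01\x04\x05hello"
SINGLE = to_pem(SAMPLE_DER)                # normal PEM
DOUBLE = to_pem(SINGLE.encode("ascii"))    # PEM wrapped again, as in this issue

if __name__ == "__main__":
    for name, pem in (("single", SINGLE), ("double", DOUBLE)):
        der, layers = normalize_certificate(pem)
        print(name, "redundant layers:", layers, "DER bytes:", len(der))
```

The returned DER bytes can be written to a file and inspected with `openssl x509 -inform DER -text`.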