hashicorp vault tls: failed to verify certificate: x509: certificate signed by unknown authority

When I try to initialize Vault with vault operator init, the following error occurs:

Get "https://127.0.0.1:8200/v1/sys/seal-status": tls: failed to verify certificate: x509: certificate signed by unknown authority

How I generated the self-signed certificate:

openssl req -x509 -sha256 -days 3653 -newkey rsa:4096 -keyout root_ca.key -out root_ca.crt

openssl genrsa -out localhost.key 4096

openssl req -new -key localhost.key -out localhost.csr

openssl x509 -req -CA root_ca.crt  -CAkey root_ca.key  -in localhost.csr  -out localhost.crt -days 365 -CAcreateserial -extfile localhost.ext

The localhost.ext file:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName=@alt_names
[alt_names]
DNS.1=localhost
IP.1=127.0.0.1

I run it in docker compose:

name: vault

services:
  vault:
    image: hashicorp/vault:1.17.5
    container_name: vault
    ports:
      - "8200:8200"
    cap_add:
      - IPC_LOCK
    volumes:
      - D:\Volume\vault\file:/vault/file
      - D:\Volume\vault\config:/vault/config
      - D:\Volume\vault\logs:/vault/logs
      - D:\Volume\vault\certs:/vault/certs
    environment:
      - VAULT_ADDR=https://127.0.0.1:8200
      - VAULT_CLUSTER_ADDR=https://127.0.0.1:8201
    command: vault server -config=/vault/config/vault.json

Vault configuration:

{
  "log_file": "/vault/logs/vault.log",
  "log_level": "info",
  "ui": true,
  "listener": [{
    "tcp": {
      "address": "127.0.0.1:8200",
      "tls_cert_file": "/vault/certs/cert-file.pem",
      "tls_key_file": "/vault/certs/key-file.pem",
      "tls_client_ca_file": "/vault/certs/ca.pem"
    }
  }],
  "cluster_addr": "https://127.0.0.1:8201",
  "api_addr": "https://127.0.0.1:8200",
  "disable_mlock": true,
  "storage": {
    "raft": {
      "path": "/vault/file",
      "node_id": "raft1"
    }
  }
}

Answers (0):