hashicorp vault tls: failed to verify certificate: x509: certificate signed by unknown authority
When I try to initialize Vault with vault operator init, it fails with the error:
Get "https://127.0.0.1:8200/v1/sys/seal-status": tls: failed to verify certificate: x509: certificate signed by unknown authority
This is how I generated the self-signed certificate:
openssl req -x509 -sha256 -days 3653 -newkey rsa:4096 -keyout root_ca.key -out root_ca.crt
openssl genrsa -out localhost.key 4096
openssl req -new -key localhost.key -out localhost.csr
openssl x509 -req -CA root_ca.crt -CAkey root_ca.key -in localhost.csr -out localhost.crt -days 365 -CAcreateserial -extfile localhost.ext
The localhost.ext file:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName=@alt_names
[alt_names]
DNS.1=localhost
IP.1=127.0.0.1
I run it with docker compose:
name: vault
services:
  vault:
    image: hashicorp/vault:1.17.5
    container_name: vault
    ports:
      - "8200:8200"
    cap_add:
      - IPC_LOCK
    volumes:
      - D:\Volume\vault\file:/vault/file
      - D:\Volume\vault\config:/vault/config
      - D:\Volume\vault\logs:/vault/logs
      - D:\Volume\vault\certs:/vault/certs
    environment:
      - VAULT_ADDR=https://127.0.0.1:8200
      - VAULT_CLUSTER_ADDR=https://127.0.0.1:8201
    command: vault server -config=/vault/config/vault.json
Vault configuration:
{
  "log_file": "/vault/logs/vault.log",
  "log_level": "info",
  "ui": true,
  "listener": [{
    "tcp": {
      "address": "127.0.0.1:8200",
      "tls_cert_file": "/vault/certs/cert-file.pem",
      "tls_key_file": "/vault/certs/key-file.pem",
      "tls_client_ca_file": "/vault/certs/ca.pem"
    }
  }],
  "cluster_addr": "https://127.0.0.1:8201",
  "api_addr": "https://127.0.0.1:8200",
  "disable_mlock": true,
  "storage": {
    "raft": {
      "path": "/vault/file",
      "node_id": "raft1"
    }
  }
}
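An added example, not part of the question, that rebuilds the trust chain described above (private root CA, leaf cert with the same localhost.ext) and checks it the way a TLS client such as the vault CLI does: once with the CA file, once with only the system trust store. It assumes openssl is installed; WORKDIR, the subject names and the key sizes are constructed here.

```shell
# Added example: rebuild the CA + leaf chain from the question and verify it
# as a client would. Assumes openssl is installed; WORKDIR and all file names
# are constructed for this demo, not taken from the Vault container.
set -eu
WORKDIR="${WORKDIR:-$(mktemp -d)}"
# Same extension file as in the question: leaf cert, SAN for localhost/127.0.0.1.
write_ext() {
  cat > "$WORKDIR/localhost.ext" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName=@alt_names
[alt_names]
DNS.1=localhost
IP.1=127.0.0.1
EOF
}
# Non-interactive version of the CA + leaf generation from the question.
make_certs() {
  write_ext
  openssl req -x509 -sha256 -days 3653 -newkey rsa:2048 -nodes \
    -subj "/CN=Example Root CA" -keyout "$WORKDIR/root_ca.key" \
    -out "$WORKDIR/root_ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$WORKDIR/localhost.key" -out "$WORKDIR/localhost.csr" 2>/dev/null
  openssl x509 -req -CA "$WORKDIR/root_ca.crt" -CAkey "$WORKDIR/root_ca.key" \
    -in "$WORKDIR/localhost.csr" -out "$WORKDIR/localhost.crt" -days 365 \
    -CAcreateserial -extfile "$WORKDIR/localhost.ext" 2>/dev/null
}
# A client that was handed the CA (what VAULT_CACERT=/vault/certs/ca.pem gives
# the vault CLI): the chain verifies.
verify_with_ca() {
  openssl verify -CAfile "$WORKDIR/root_ca.crt" "$WORKDIR/localhost.crt" >/dev/null 2>&1
}
# A client with only the system trust store: rejected, which is the openssl
# spelling of Go's "x509: certificate signed by unknown authority".
verify_without_ca() {
  openssl verify "$WORKDIR/localhost.crt" >/dev/null 2>&1
}
# The SAN must also cover the address the CLI dials (https://127.0.0.1:8200),
# otherwise a hostname mismatch error follows once the CA problem is solved.
has_san_ip() {
  openssl x509 -in "$WORKDIR/localhost.crt" -noout -text | grep -q 'IP Address:127.0.0.1'
}
make_certs
if verify_with_ca; then echo "with CA file:    chain OK"; fi
if ! verify_without_ca; then echo "without CA file: rejected (unknown authority)"; fi
if has_san_ip; then echo "SAN covers 127.0.0.1"; fi
```

The second check is the situation in the question: the server presents a valid chain, but the client running vault operator init has never been told about root_ca.crt, so it cannot build a path to a trusted anchor.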