Retrieve a certificate using vault_pki_generate_certificate

abdellahbrahimi · December 13, 2024, 4:19pm

I try to retrieve a certificate from Vault server.
So, my playbook look like this:

- name: Get Certificate from Vault, using Vault Module
  hosts: localhost
  tasks:
     - name: Issue cert from Vault
       community.hashi_vault.vault_pki_generate_certificate:
         common_name: "Censored-CA"
         role_name: censored-role
         engine_mount_point: "pki/censored-ca"
         url: https://vault.censored.censor
      register: data_response

    - name: Display the result
      ansible.builtin.debug:
        msg: " test {{ data_response }}"

but I got this

PLAY [Get Certificate from Vault, using Vault Module] **************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************
ok: [localhost]

TASK [Login and use the resulting Token] ***************************************************************************************************************************************************
changed: [localhost]

TASK [Issue cert from Vault] ***************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: , on post https://vault.censored.censor/v1/pki/censored-ca/issue/role-censored
fatal: [localhost]: FAILED! => {
    "changed": false
}

MSG:

1 error occurred:
        * could not fetch the CA certificate (was one set?): unable to fetch corresponding key for issuer issuer_censored ; unable to use this issuer for signing

, on post https://vault.censored.censor/v1/pki/censored-ca/issue/role-censored

PLAY RECAP *********************************************************************************************************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Please, can you help me? I feel lost. I look at the documentation but I can’t figure out. I will be very thankful if you help me or give me guidance. Thanks in advance.

abdellahbrahimi · December 16, 2024, 10:49am

Well, I notice, that nobody response to this question.
But I did manage to find a solution that worked for me.
So the problem was that I didn’t bundle the private key inside the certificate, and also pay attention to domain name, where you should allow the domain name that you use in your machine.

I hope this help.

Topic		Replies	Views
Ansible - Using the http get method to pull data SSL Cert data Ansible Developer	3	3	July 8, 2020
Get kv secret from the vault with playbook Get Help ansible-core , ssl , hashi-vault	7	636	December 8, 2023
Module URI unable to get local issuer Ansible Project	4	5	April 23, 2023
retrive secrets from vault using github token Ansible Project	0	1	May 28, 2020
Get command error output Get Help	5	127	April 10, 2024

Retrieve a certificate using vault_pki_generate_certificate

Related topics