HVAC authentication fail with self-signed certificate but works with vault API/CLI #618
Comments
You may need to point the underlying requests module to a CA bundle that includes the issuer certificate for your self-signed certificate. Perhaps you could try reading through https://hvac.readthedocs.io/en/stable/advanced_usage.html#making-use-of-private-ca and letting us know if that helps navigate the issue, or if it doesn't, we can explore the issue further and perhaps clarify this section of the documentation.
This might be solved with PR #691. I added some extra logging around this with documentation that to authenticate with a non-standard CA you need to provide that CA as the verify kwarg. It also allows setting/changing the certs outside of a single statement client creation and login (which was the only way to use certificate auth previously) client = hvac.Client(. details including the certs and ca ).auth_tls() whereas now you can create the client and then auth client = hvac.Client
Unable to authenticate vault with HVAC when TLS enabled with self-signed certificate
Started Vault service with TLS enabled
where the self-signed.crt and self-signed.key are a self-signed certificate-key pair generated through openssl
Vault CLI/API works with self-signed certificate
Able to perform unseal, status check, read, write secrets to kv-v2 engine (CLI/API) with ca-cert flag
HVAC authenticate fails with self-signed certificate
Using hvac version 0.10.5 and Python 2.7. Tried the three combinations below (with verify flag only, cert flag only, and both verify and cert flags). All of them resulted in the same SSL CERTIFICATE_VERIFY_FAILED exception.
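The CA-bundle advice from the comments above, as an added example that is not part of the thread or of hvac: a loopback TLS handshake showing that a self-signed certificate fails verification until the certificate itself is loaded as the trust anchor, which is what a path passed as the verify kwarg does in requests. It assumes Python 3.8+ and the openssl CLI (1.1.1 or later, for -addext); the file names follow the issue and the certificate is constructed test data.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(workdir):
    """Create a throwaway self-signed pair with openssl (constructed test data)."""
    crt = os.path.join(workdir, "self-signed.crt")
    key = os.path.join(workdir, "self-signed.key")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
         "-keyout", key, "-out", crt],
        check=True, capture_output=True)
    return crt, key

def handshake(crt, key, cafile=None):
    """TLS handshake against a loopback listener that presents crt/key.

    Returns None when the client trusts the server, otherwise the OpenSSL
    verify error code (18 = self-signed leaf that is not in the trust store).
    """
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(crt, key)
    listener = socket.create_server(("127.0.0.1", 0))

    def serve():
        conn, _ = listener.accept()
        try:
            srv_ctx.wrap_socket(conn, server_side=True).close()
        except (ssl.SSLError, OSError):
            pass  # the client aborted because it rejected the certificate

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking, and starts
    # with an empty trust store, like a client that has no CA for this issuer.
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        cli_ctx.load_verify_locations(cafile=cafile)  # what verify=<path> supplies
    try:
        with socket.create_connection(listener.getsockname()) as raw:
            with cli_ctx.wrap_socket(raw, server_hostname="localhost"):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code
    finally:
        worker.join(2)
        listener.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_self_signed(d)
        print("no CA configured:", handshake(crt, key))
        print("cert used as its own CA bundle:", handshake(crt, key, cafile=crt))
```

With hvac the equivalent is passing the certificate path as verify when constructing the client; cert is only for client-certificate authentication and does not affect whether the server is trusted.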