Multi-tenant Vault PKI with custom root PEM bundles

In the previous article1, I have investigated modern PKI software alternatives. One of the options on the list was HashiCorp Vault. The natural next step is to set up a Vault PKI. This article documents setting up an imaginary multi-tenant Vault PKI with custom PEM bundles generated with OpenSSL. The steps the following: create a root CA with OpenSSL create intermediate CAs for imaginary clients with OpenSSL using HashiCorp Vault in development mode: import custom bundle with root and intermediate certificates configure Vault roles issue a certificate The method for generating the root and intermediate CAs comes from OpenSSL Certificate Authority guide written by Jamie Nguyen2.
Read more