top | item 43089241

lazyweb | 1 year ago

I'm hosting my own internal CA using HashiCorp Vault and some Ansible + CI. The root CA is valid for 20 years, intermediate CA 10 years, client certs three months.

Initial setup is a handful of commands interacting with Vault's CLI; from there, with CI in place, client certs are renewed automatically. Services are restarted / reloaded as well. Works flawlessly.

I should maybe write a (small) blog explaining how it works.
