保险库WebUI证书
我刚刚构建了一个正确工作的保险库服务器,但是在WebUI上的每个连接下,我被要求验证证书:
您知道为什么我有此消息吗?可以绕过这个问题吗?
有关信息,我使用通配符证书 *.mydomain.com。
最好的问候
。
I have just built a vault server that works correctly but at each connection on the webui, I am asked to validate a certificate:
Do you know why I have this message? Is it possible to bypass this problem?
For information, I use a wildcard certificate *.mydomain.com.
Best regards,
M.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
估计默认情况下支持相互的TLS。 Vault要求您提出自己的证书以进行身份验证,并继续使用其他身份验证方法,如果没有提供客户端证书。
您可以通过设置 /a>在服务器的配置中,在
tcpstanza下(需要重新启动)。您可以找到基于知识的文章中的更多详细信息 @zam。
Vault supports mutual TLS by default. Vault asks that you present your own certificate to authenticate and continues with other authentication methods if no client certificate is provided.
You can turn it off by setting
tls_disable_client_certs = truein your server's configuration, under thetcpstanza (restart required).You can find more details in this knowledge based article by @Zam.
解决此问题涉及对TCP侦听器的config stanza进行调整。 对于TCP侦听器,保管库包括一个称为  false   and Vault将在可用时请求客户端证书。  
要禁用此行为,只需在您的保险库配置文件中更新TCP侦听器stanza即可包括以下行。
以下是在保险库配置文件中看起来的示例。
如果您想阅读更多信息,我写了知识库文章详细说明如何处理。
Fixing this issue involves making a tweak to your TCP listener's config stanza. For the TCP listener, Vault includes a parameter called tls_disable_client_certs which allows you to toggle this functionality. By default, the value of this parameter is
falseand Vault will request client certificates when available.To disable this behavior, simply update the TCP listener stanza in your Vault configuration file to include the following line.
Below is an example of how this would look in a Vault configuration file.
If you'd like to read more, I wrote a knowledge base article detailing how to handle this.
谢谢您的回答。
通过添加此行:
我不必再提交证书了。
最好的问候,
M.
Thank you for your answers.
By adding this line:
I don't have to submit a certificate anymore.
Best regards,
M.