connect: generate intermediate at same time as root (#6272)

Generate intermediate at same time as root
Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
This commit is contained in:
Todd Radel 2019-08-02 15:36:03 -04:00 committed by GitHub
parent 64b235990d
commit 96be92f3b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -209,12 +209,21 @@ func (s *Server) initializeRootCA(provider ca.Provider, conf *structs.CAConfigur
if err != nil { if err != nil {
return fmt.Errorf("error getting root cert: %v", err) return fmt.Errorf("error getting root cert: %v", err)
} }
rootCA, err := parseCARoot(rootPEM, conf.Provider, conf.ClusterID) rootCA, err := parseCARoot(rootPEM, conf.Provider, conf.ClusterID)
if err != nil { if err != nil {
return err return err
} }
// Also create the intermediate CA, which is the one that actually signs leaf certs
interPEM, err := provider.GenerateIntermediate()
if err != nil {
return fmt.Errorf("error generating intermediate cert: %v", err)
}
_, err = connect.ParseCert(interPEM)
if err != nil {
return fmt.Errorf("error getting intermediate cert: %v", err)
}
commonConfig, err := conf.GetCommonConfig() commonConfig, err := conf.GetCommonConfig()
if err != nil { if err != nil {
return err return err