mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-18 12:37:02 +02:00
0637f5e316
* PKI: Change sign-intermediate to truncate notAfter by default - The PKI sign-intermediate API allowed an end-user to request a TTL value that would extend beyond the signing issuer's notAfter. This would generate an invalid CA chain when properly validated. - We are now changing the default behavior to truncate the returned certificate to the signing issuer's notAfter. - End-users can get the old behavior by configuring the signing issuer's leaf_not_after_behavior field to permit, and call sign-intermediary with the new argument enforce_leaf_not_after_behavior to true. The new argument could also be used to enforce an error instead of truncating behavior if the signing issuer's leaf_not_after_behavior is set to err. * Add cl * Add cl and upgrade note * Apply suggestions from code review Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| databases | ||
| identity | ||
| key-management | ||
| kv | ||
| ad.mdx | ||
| alicloud.mdx | ||
| aws.mdx | ||
| azure.mdx | ||
| cassandra.mdx | ||
| consul.mdx | ||
| cubbyhole.mdx | ||
| gcp.mdx | ||
| gcpkms.mdx | ||
| index.mdx | ||
| kmip.mdx | ||
| kubernetes.mdx | ||
| ldap.mdx | ||
| mongodbatlas.mdx | ||
| nomad.mdx | ||
| pki.mdx | ||
| rabbitmq.mdx | ||
| ssh.mdx | ||
| terraform.mdx | ||
| totp.mdx | ||
| transform.mdx | ||
| transit.mdx | ||