Vault PKI Integration

Overview

DOMUS PKI uses HashiCorp Vault for certificate issuance:

DOMUS-ROOT-CA (Vault - offline)
└── DOMUS-ISSUING-CA (Vault pki_int)
    ├── Server certificates
    └── Client certificates

ISE Requirements

  • Trust the DOMUS CA chain for client authentication

  • Hold a valid server certificate for EAP

  • Check certificate revocation (OCSP/CRL)

  • Vault PKI Cert Issuance (infra-ops)

  • Vault PKI Verification (infra-ops)
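
One way to check the ISE requirements above against the DOMUS hierarchy, as an added example that is not part of the original page or of the DOMUS tooling: it builds a throwaway chain with the same two CA names using openssl, then tests a certificate for chain trust, intended usage and a revocation pointer. Host names, file names, leaf subjects and the helper names are constructed, and it assumes revocation endpoints are read from the certificate rather than configured statically on ISE.

```shell
# Added example: constructed test PKI, not real DOMUS material.
# make_demo_pki DIR: build root -> issuing -> leaf certs mirroring the hierarchy above.
make_demo_pki() {
  d="$1"
  cat > "$d/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
extendedKeyUsage = serverAuth
crlDistributionPoints = URI:http://vault.example.invalid/v1/pki_int/crl
authorityInfoAccess = OCSP;URI:http://vault.example.invalid/v1/pki_int/ocsp
[client_only]
extendedKeyUsage = clientAuth
EOF
  # mk NAME CN: new key and CSR
  mk() { openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$1.key" \
           -out "$d/$1.csr" -subj "/CN=$2" 2>/dev/null; }
  # sign NAME SECTION CA: issue NAME from CA with the extensions in SECTION
  sign() { openssl x509 -req -in "$d/$1.csr" -days 2 -extfile "$d/ext.cnf" \
             -extensions "$2" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
             -CAcreateserial -out "$d/$1.pem" 2>/dev/null; }
  mk root DOMUS-ROOT-CA; mk issuing DOMUS-ISSUING-CA
  mk ise ise.example.invalid; mk bad bad.example.invalid
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ext.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  sign issuing ca root
  sign ise server issuing        # meets the requirements for an EAP server cert
  sign bad client_only issuing   # wrong EKU, no OCSP/CRL pointer
}

# check_cert ROOT ISSUING CERT PURPOSE: PURPOSE is sslserver (EAP server cert)
# or sslclient (certs presented for client auth). Returns 0 only if all checks pass.
check_cert() {
  rc=0
  # Chain must build CERT -> issuing CA -> root, and the EKU must allow PURPOSE.
  openssl verify -CAfile "$1" -untrusted "$2" -purpose "$4" "$3" >/dev/null 2>&1 \
    || { echo "FAIL: chain or purpose ($4)"; rc=1; }
  # Revocation checking needs an OCSP or CRL location (assumed to come from the cert).
  openssl x509 -in "$3" -noout -text | grep -Eq 'OCSP - URI:|CRL Distribution Points' \
    || { echo "FAIL: no OCSP/CRL pointer"; rc=1; }
  return "$rc"
}

# Stand-alone demo on the constructed chain.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
  check_cert "$demo/root.pem" "$demo/issuing.pem" "$demo/ise.pem" sslserver &&
  echo "ise.pem: OK as EAP server certificate"
```

Against real material, pass the exported DOMUS-ROOT-CA and DOMUS-ISSUING-CA PEM files and the certificate under test instead of the generated ones.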