Hi,
First of all, thanks for the great job!
My setup:
Step CA installed with Helm chart on Kubernetes.
DB: postgres
Version: 0.29.0
I have set up an ACME server with this URL: https://acme-server.mydomain.local/
The cert is a cert generated with the intermediate CA.
I used cert manager to generate a cert for a URL "https://myurl.mydomain.local"
Ok.
Now, I want to revoke that certificate. So I'm using the CLI.
Inside the container running my CA:
step ca revoke --reason "Cert compromised" --reasonCode "key compromise" 188119706389441743186708622321
Here is the result:
client GET https://acme-server.mydomain.local/provisioners?limit=100 failed: tls: failed to verify certificate: x509: certificate signed by unknown authority
The container does not trust the CA configured in it.
What I did is mount a custom file in /etc/ssl/cert.pem with that intermediate trusted.
I can curl the URL, but still step CA does not trust the CA :/
step-certificates-helm-0:~$ curl https://acme-server.mydomain.local/provisioners?limit
{"provisioners":[{"type":"acme","name":"myprovisionner","options":{"x509":{},"ssh":{}}}],"nextCursor":""}
step-certificates-helm-0:~$ step ca revoke --reason "Cert compromised" --reasonCode "key compromise" 188119706389441743186708622321
client GET https://acme-server.mydomain.local/provisioners?limit=100 failed: tls: failed to verify certificate: x509: certificate signed by unknown authority
So, first, is it the right approach to revoke my certificate?
If not, what should I do? If yes, how can I make step CA trust my CA?
Thanks a lot