Where I've been testing is in the deployment of a production environment. While doing the deployment iterations, I'm using a Vault-generated root CA, but when the environment is handed over to the customer, they will provide a root CA for Vault.
In both scenarios, the certificates generated by Vault will not have Signed Certificate Timestamps, so either way, the SCT check would fail.