Failed to sign CSR

Based on the log entry “failed to sign CSR: no certificate chain in the CSR response”, the CSR response does not contain a certificate chain. The failure may be caused by the following reasons:

  • The CSR may not reach the Vault server, e.g., the Vault endpoint is not properly configured.
  • The CSR reached the Vault server but the Vault server did not return a valid CSR response.

I suggest you add/turn on logging on the client and the Vault server to check what request the client sends, whether the Vault server receives the request, and what response the Vault server returns. Meanwhile, you can also use the Vault command line tool to sign a CSR directly at your Vault server and check whether the response contains a certificate chain.
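One way to carry out that last check, as an added example rather than code from the original answer: a small classifier for a signing response saved as JSON (for instance the output of `vault write -format=json` on a PKI sign path). It assumes the `data.certificate`, `data.ca_chain` and `errors` fields used by Vault's PKI secrets engine and HTTP API; the function names and sample bodies are constructed for illustration.

```python
import json

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def is_pem_cert(value):
    """True if value looks like one PEM-encoded certificate (structure only)."""
    if not isinstance(value, str):
        return False
    text = value.strip()
    return text.startswith(PEM_BEGIN) and text.endswith(PEM_END)


def diagnose_sign_response(raw):
    """Classify the body returned for a CSR signing request."""
    if not raw or not raw.strip():
        return "empty-response"      # nothing came back: check the endpoint
    try:
        body = json.loads(raw)
    except ValueError:
        return "not-json"            # something other than Vault may have answered
    if not isinstance(body, dict):
        return "not-json"
    if body.get("errors"):
        return "vault-error"         # request arrived but Vault rejected it
    data = body.get("data")
    if not isinstance(data, dict):
        return "no-data"
    if not is_pem_cert(data.get("certificate")):
        return "no-certificate"
    chain = data.get("ca_chain")
    if chain is None:
        return "no-ca-chain"         # signed, but no chain in the response
    if isinstance(chain, str):
        chain = [chain]
    if not isinstance(chain, list) or not chain or not all(map(is_pem_cert, chain)):
        return "bad-ca-chain"
    return "ok"


# Constructed sample bodies (placeholder PEM text, not real certificates).
FAKE_PEM = PEM_BEGIN + "\nCONSTRUCTED\n" + PEM_END
SAMPLE_OK = json.dumps({"data": {"certificate": FAKE_PEM, "ca_chain": [FAKE_PEM]}})
SAMPLE_NO_CHAIN = json.dumps({"data": {"certificate": FAKE_PEM, "issuing_ca": FAKE_PEM}})
SAMPLE_ERROR = json.dumps({"errors": ["permission denied"]})
```

A `no-ca-chain` result corresponds to the second bullet above (the server answered, but without a chain), while `empty-response` or `not-json` points back at the first (the request may not be reaching Vault at all).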