Introduction
This article has been created to assist customers Cert issue to resolve the x509: certificate signed by unknown authority. If the issue is connecting to Vault from a client, we'll need to either have a CA certificate available to the client.
To have a CA certificate available to the client Certification needs to be added to the system or it can be supplied via `-ca-cert/-ca-path` or related environmental variables.
We can apply these two ways:
- Use either the environment variable VAULT_CACERT or the vault CLI flag `-ca-cert=`with a value that is the full path to the PEM encoded CA certificate file
- Use either the environment variable VAULT_CAPATH, or the vault CLI flag `-ca-path=` with a value that is the full path to a directory containing certificates including that of the relevant CA
If we like to disable checking for testing purposes we can use tls_skip_verify
Disable verification of TLS certificates. Using this option is highly discouraged.