Ryan Eskin

That was my next step, to generate my own. It makes it easier to securely store these in the event there's some type of critical failure, that way once fixed...

@jkirschner-hashicorp I tried generating my own certificates. The Primary datacenter in my cluster takes the root just fine, however it seems the secondaries run a verification of the certificate I...

Its almost as if the secondary datacenters are expecting an intermediate in that 'rootCert' configuration param, and it thinks I'm providing one that's self signed

I am actually setting the private key and root cert in the secondaries. I guess thinking about it, since they delegate the root responsibility to the primary, I should potentially...

That actually seems like the most logical route. I'll test shortly and report my findings. Thanks for all the help!

Interestingly, that results in the same error

More info, I used my old vault config to reset my development cluster, and the secondaries are also spitting out that error still as well

I will correct myself here. I was able to revert to my old vault config in the secondaries after hard reboots of the servers. Something must have been stuck in...

I've done this previously and it results in the same errors in the secondaries. If cross signing isn't set during this operation the API rejects it

Really sorry for the delay here @jkirschner-hashicorp , been in the weeds with the consul lambda stuff 😄 . I will test this when I'm able to circle back to...