Command: nomad tls ca create
The tls ca create command creates a self-signed Certificate Authority to be used for Nomad TLS setup.
nomad tls ca create [options]
-additional-domain=<value>: Add name constraints for the CA. The server will reject certificates for DNS names other than those specified in -additional-domain. Can be used multiple times. This option can only be used in combination with
-common-name: Common Name of CA. Defaults to Nomad Agent CA.
-country: Country of the CA. Defaults to "US".
-days=<int>: Number of days the CA is valid for, counted from now. Defaults to 5 years.
-domain=<string>: Domain of the Nomad cluster. Only used in combination with -name-constraint. Defaults to
-locality: Locality of the CA. Defaults to "San Francisco".
-name-constraint: Add name constraints for the CA. Certificates for DNS names other than those specified are rejected. If set to true, "localhost" and -domain will be added to the allowed DNS names. Defaults to false.
If -name-constraint is enabled and you intend to serve the Nomad web UI over HTTPS, its DNS name must be added with -additional-domain. It is not possible to add that after the fact.
-organization: Organization of the CA. Defaults to "HashiCorp Inc.".
-organizational-unit: Organizational Unit of the CA. Defaults to "Nomad".
-postal-code: Postal Code of the CA. Defaults to "94105".
-province: Province of the CA. Defaults to "CA".
-street-address: Street Address of the CA. Defaults to "101 Second Street".
$ nomad tls ca create
==> CA Certificate saved to: nomad-agent-ca.pem
==> CA Certificate key saved to: nomad-agent-ca-key.pem
Create a CA with a specified domain:
$ nomad tls ca create -name-constraint="true" -domain="foo.com"
==> CA Certificate saved to: foo.com-agent-ca.pem
==> CA Certificate key saved to: foo.com-agent-ca-key.pem
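Because a DNS name missing from the name constraints cannot be added after the CA exists, the planned certificate names can be checked before running the command. The following Python check is an added example, not part of Nomad or its documentation. It assumes the permitted set is exactly "localhost", the -domain value and each -additional-domain value as described above, and it applies RFC 5280 DNS name-constraint matching; the function names and sample hostnames are constructed for illustration.

```python
"""Pre-flight check for `nomad tls ca create -name-constraint=true`:
list the planned certificate DNS names the constrained CA would not cover."""


def _normalize(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().lower().rstrip(".")


def permitted_domains(domain, additional_domains=()):
    # Assumption taken from the option text: "localhost" and -domain are
    # permitted, plus every value passed with -additional-domain.
    names = ["localhost", domain, *additional_domains]
    return [n for n in (_normalize(x) for x in names) if n]


def _within(name, base):
    # RFC 5280 section 4.2.1.10: a DNS name satisfies a constraint when it
    # equals the base or adds whole labels on the left. Comparing label
    # lists keeps "notfoo.com" from matching the base "foo.com".
    n = _normalize(name).split(".")
    b = base.split(".")
    return len(n) >= len(b) and n[-len(b):] == b


def rejected_names(planned, domain, additional_domains=()):
    """Return the planned DNS names that fall outside every permitted base."""
    allowed = permitted_domains(domain, additional_domains)
    return [p for p in planned if not any(_within(p, a) for a in allowed)]


if __name__ == "__main__":
    # Constructed sample: names an operator plans to put in certificates.
    planned = [
        "server.global.foo.com",
        "localhost",
        "nomad-ui.example.net",   # web UI served under a different domain
        "notfoo.com",             # shares a suffix string, not a label
    ]
    # Equivalent to: -name-constraint="true" -domain="foo.com"
    print("uncovered:", rejected_names(planned, "foo.com"))
    # Same, plus: -additional-domain="example.net"
    print("uncovered:", rejected_names(planned, "foo.com", ["example.net"]))
```

Any name the check reports needs a matching -additional-domain value on the `nomad tls ca create` command line before the CA is generated.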