diff --git a/command/agent/command.go b/command/agent/command.go
index a8b773871..3b58dc77c 100644
--- a/command/agent/command.go
+++ b/command/agent/command.go
@@ -328,6 +328,10 @@ func (c *Command) IsValidConfig(config, cmdConfig *Config) bool {
 			c.Ui.Error(fmt.Sprintf("WARNING: Error when parsing TLS configuration: %v", err))
 		}
 	}
+	if !config.DevMode && (config.TLSConfig == nil ||
+		!config.TLSConfig.EnableHTTP || !config.TLSConfig.EnableRPC) {
+		c.Ui.Error("WARNING: mTLS is not configured - Nomad is not secure without mTLS!")
+	}
 
 	if config.Server.EncryptKey != "" {
 		if _, err := config.Server.EncryptBytes(); err != nil {