nomad/website/content/docs/commands/tls/ca-create.mdx
Aimee Ukasick dae496e427 Docs: SEO front matter description for search: commands section (#25175)
* Enhance front matter description for search

* acl section

* alloc section

* config section

* deployment section

* eval section

* job section

* license section

* namespace section

* node section

* node pool section

* operator section

* plugin section

* quota section

* recommendation section

* scaling section

* sentinel section

* server section

* service section

* setup section

* system section

* tls section

* var section

* volume section

* change reference to command reference

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2025-03-19 12:02:02 -05:00

---
layout: docs
page_title: 'nomad tls ca create command reference'
description: |
  The `nomad tls ca create` command creates a certificate authority that you then use to create a self-signed certificate for Nomad Transport Layer Security (TLS) configuration.
---
# `nomad tls ca create` command reference

The `tls ca create` command creates a self-signed certificate authority (CA) to
be used for Nomad TLS setup.

## Usage

```plaintext
nomad tls ca create [options]
```

## Options

- `-additional-domain=<value>`: Add name constraints for the CA. The server will
  reject certificates for DNS names other than those specified in `-domain` and
  `-additional-domain`. Can be used multiple times. This option can only be used
  in combination with `-domain` and `-name-constraint`.

- `-common-name`: Common Name of the CA. Defaults to "Nomad Agent CA".

- `-country`: Country of the CA. Defaults to "US".

- `-days=<int>`: Number of days the CA is valid for, starting from now.
  Defaults to 5 years.

- `-domain=<string>`: Domain of the Nomad cluster. Only used in combination with
  `-name-constraint`. Defaults to `nomad`.

- `-locality`: Locality of the CA. Defaults to "San Francisco".

- `-name-constraint`: Add name constraints for the CA. Certificates for DNS
  names other than those specified are rejected. If set to true, "localhost" and
  the `-domain` value are added to the allowed DNS names. Defaults to false.

  ~> **Warning:** If `-name-constraint` is enabled and you intend to serve the
  Nomad web UI over HTTPS, its DNS name must be added with `-additional-domain`.
  It is not possible to add it after the fact.

- `-organization`: Organization of the CA. Defaults to "HashiCorp Inc.".

- `-organizational-unit`: Organizational Unit of the CA. Defaults to "Nomad".

- `-postal-code`: Postal Code of the CA. Defaults to "94105".

- `-province`: Province of the CA. Defaults to "CA".

- `-street-address`: Street Address of the CA. Defaults to "101 Second Street".
## Example

Create CA:

```shell-session
$ nomad tls ca create
==> CA Certificate saved to: nomad-agent-ca.pem
==> CA Certificate key saved to: nomad-agent-ca-key.pem
```

Create a CA with a specified domain:

```shell-session
$ nomad tls ca create -name-constraint="true" -domain="foo.com"
==> CA Certificate saved to: foo.com-agent-ca.pem
==> CA Certificate key saved to: foo.com-agent-ca-key.pem
```