kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-06 02:15:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e8ebf85f59b8d88840989f30bdebdeebafddc19
nomad/website/content/docs/commands/tls/ca-create.mdx
Lance Haig 1541358ef3 Add the ability to customise the details of the CA (#17309) 
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-07-11 08:53:09 +01:00

74 lines
2.2 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: 'Commands: tls ca create'
description: |
This command creates a Certificate Authority that can be used to create
self signed certificates to be used for Nomad TLS setup.
---
# Command: nomad tls ca create
Create is used to create a self signed Certificate Authority to be used for
Nomad TLS setup.
## Usage
```plaintext
nomad tls ca create [options]
```
## CA Create Options
- `-additional-domain=<value>`: Add name constraints for the CA. The server will
reject certificates for DNS names other than those specified in `-domain` and
`-additional-domain`. Can be used multiple times. This option can only used in
combination with `-domain` and `-name-constraint`.
- `-common-name`: Common Name of CA. Defaults to Nomad Agent CA.
- `-country`: Country of the CA. Defaults to "US".
- `-days=<int>`: Provide number of days the CA is valid for from now on,
defaults to 5 years.
- `-domain=<string>`: Domain of nomad cluster. Only used in combination with
`-name-constraint`. Defaults to `nomad`.
- `-locality`: Locality of the CA. Defaults to "San Francisco".
- `-name-constraint`: Add name constraints for the CA. Results in rejecting
certificates for other DNS than specified. If set to true, "localhost" and
`-domain` will be added to the allowed DNS. Defaults to false.
~> **Warning:** If `-name-constraint` is enabled and you intend to serve the
Nomad web UI over HTTPS its DNS must be added with `additional-domain`. It is
not possible to add that after the fact.
- `-organization`: Organization of the CA. Defaults to "HashiCorp Inc.".
- `-organizational-unit`: Organizational Unit of the CA. Defaults to "Nomad".
- `-postal-code`: Postal Code of the CA. Defaults to "94105".
- `-province`: Province of the CA. Defaults to "CA".
- `-street-address`: Street Address of the CA. Defaults to "101 Second Street".
## Example
Create CA:
```shell-session
$ nomad tls ca create
==> CA Certificate saved to: nomad-agent-ca.pem
==> CA Certificate key saved to: nomad-agent-ca-key.pem
```
Create a CA with a specified domain:
```shell-session
$ nomad tls ca create -name-constraint="true" -domain="foo.com"
==> CA Certificate saved to: foo.com-agent-ca.pem
==> CA Certificate key saved to: foo.com-agent-ca-key.pem
```
Reference in New Issue View Git Blame Copy Permalink