github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/website/content/docs/commands/tls/cert-create.mdx

---
layout: docs
page_title: 'Commands: TLS Cert Create'
description: |
  This command creates a certificate that can be used for Nomad TLS setup.
---

# Command: nomad tls cert create

The `tls cert create` command creates certificates to be used for
[TLS encryption][] in your Nomad cluster. You can then copy these to your
servers and clients. This command will not automatically update the
configuration of the agents.

## Usage

Usage: `nomad tls cert create [options]`

#### Command Options

- `-additional-dnsname=<string>`: Provide an additional DNS name for Subject
  Alternative Names. `localhost` is always included. This flag may be provided
  multiple times.

- `-additional-ipaddress=<string>`: Provide an additional IP address for Subject
  Alternative Names. `127.0.0.1` is always included. This flag may be provided
  multiple times.

- `-ca=<string>`: Provide the path to the CA. Defaults to
  `#DOMAIN#-agent-ca.pem`.

- `-cli`: Generate a CLI certificate.

- `-client`: Generate a client certificate.

- `-days=<int>`: Provide the number of days the certificate is valid for,
  counted from now. Defaults to 1 year.

- `-dc=<string>`: Provide the datacenter. Matters only for `-server`
  certificates. Defaults to `dc1`.

- `-domain=<string>`: Provide the domain. Matters only for `-server`
  certificates.

- `-key=<string>`: Provide the path to the CA key. Defaults to
  `#DOMAIN#-agent-ca-key.pem`.

- `-node=<string>`: When generating a server certificate and this option is
  set, an additional DNS name of the form
  `<node>.server.<datacenter>.<domain>` is included.

- `-server`: Generate a server certificate.

## Examples

Create a certificate for servers:

```shell-session
$ nomad tls cert create -server
==> WARNING: Server Certificates grants authority to become a
    server and access all state in the cluster including root keys
    and all ACL tokens. Do not distribute them to production hosts
    that are not server nodes. Store them as securely as CA keys.
==> Using CA file nomad-agent-ca.pem and CA key nomad-agent-ca-key.pem
==> Server Certificate saved to global-server-nomad.pem
==> Server Certificate key saved to global-server-nomad-key.pem
```

Create a certificate for clients:

```shell-session
$ nomad tls cert create -client
==> Using CA file nomad-agent-ca.pem and CA key nomad-agent-ca-key.pem
==> Client Certificate saved to global-client-nomad.pem
==> Client Certificate key saved to global-client-nomad-key.pem
```

Create a certificate for the CLI:

```shell-session
$ nomad tls cert create -cli
==> Using CA file nomad-agent-ca.pem and CA key nomad-agent-ca-key.pem
==> Cli Certificate saved to global-cli-nomad.pem
==> Cli Certificate key saved to global-cli-nomad-key.pem
```

[TLS encryption]: https://learn.hashicorp.com/tutorials/nomad/security-enable-tls?in=nomad/transport-security
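
Added example (not part of the Nomad documentation or code base): a Go check that a server certificate carries the Subject Alternative Names the option descriptions above promise, useful before copying the file to a server. The function names, the `srv1` node name and the `nomad` domain are assumptions made for the illustration.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
)

// ExpectedSANs builds the SAN list the option descriptions give for -server.
func ExpectedSANs(node, dc, domain string, addDNS, addIPs []string) []string {
	want := []string{"DNS:localhost", "IP:127.0.0.1"} // always included
	for _, d := range addDNS { // -additional-dnsname
		want = append(want, "DNS:"+d)
	}
	for _, ip := range addIPs { // -additional-ipaddress; unparsable input becomes "IP:<nil>"
		want = append(want, "IP:"+net.ParseIP(ip).String())
	}
	if node != "" { // -node adds <node>.server.<datacenter>.<domain>
		want = append(want, "DNS:"+node+".server."+dc+"."+domain)
	}
	return want
}

// MissingSANs returns every expected entry that cert does not carry.
func MissingSANs(cert *x509.Certificate, want []string) []string {
	have := map[string]bool{}
	for _, d := range cert.DNSNames {
		have["DNS:"+d] = true
	}
	for _, ip := range cert.IPAddresses {
		have["IP:"+ip.String()] = true
	}
	var missing []string
	for _, w := range want {
		if !have[w] {
			missing = append(missing, w)
		}
	}
	return missing
}

func main() {
	// Constructed sample: issued without -node, checked as if -node=srv1 (assumed values).
	cert := &x509.Certificate{
		DNSNames:    []string{"localhost"},
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
	}
	fmt.Println("missing:", MissingSANs(cert, ExpectedSANs("srv1", "dc1", "nomad", nil, nil)))
}
```

To check a file on disk such as `global-server-nomad.pem`, decode it with `pem.Decode` and `x509.ParseCertificate` and pass the result to `MissingSANs`.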