github.com/hernad/nomad@v1.6.112/helper/tlsutil/testdata/README.md (about)

     1  # Nomad Test Certificate
     2  
     3  Nomad has a built in command to generate certificates for setting up tls encryption.
     4  This will generate valid certificates with default settings if run without any configuration.
     5  The command `nomad tls` is used to generate the test certificates in this directory.
     6  
     7  | File                             | Description               |
     8  |----------------------------------|---------------------------|
     9  | `nomad-agent-ca.pem`             | CA certificate            |
    10  | `nomad-agent-ca-key.pem`         | CA Key                    |
    11  | `regionFoo-client-nomad.pem`     | Nomad cert for foo region |
    12  | `regionFoo-client-nomad-key.pem` | Nomad key for foo region  |
    13  | `bad-agent-ca.pem`               | CA cert for bad region    |
    14  | `bad-agent-ca-key.pem`           | CA key for bad region     |
    15  | `badRegion-client-bad.pem`       | Nomad cert for bad region |
    16  | `badRegion-client-bad-key.pem`   | Nomad key for bad region  |
    17  | `global-*.pem`                   | For global region         |
    18  | `whitespace-agent-ca.pem`        | For whitespace test       |
    19  
    20  ## Generating self-signed certs with nomad tls
    21  
    22  ```sh
    23  
    24  # Generate CA certificate and key.
    25  nomad tls ca create
    26  
    27  # Generate certificates and keys with default values.
    28  # 1. Generate server certificate with default values
    29  # 2. Generate client certificate with default values
    30  nomad tls cert create -server
    31  nomad tls cert create -client
    32  
    33  # Generate certificates and keys for region regionFoo.
    34  # 1. Generate server certificate for region regionFoo
    35  # 2. Generate client certificate for region regionFoo
    36  nomad tls cert create -server -region regionFoo
    37  nomad tls cert create -client -region regionFoo
    38  ```
    39  
    40  
    41  ## Generating additional self-signed certs for testing tls misconfiguration 
    42  
    43  These certificates are used to test incorrect tls configuration.
    44  They are valid certificates but issued from a different CA
    45  
    46  ```sh
    47  
    48  # Generate CA certificate and key.
    49  nomad tls ca create -name-constraint=true -domain bad
    50  
    51  # Generate certificates and keys for region badRegion.
    52  # 1. Generate server certificate for region badRegion
    53  # 2. Generate client certificate for region badRegion
    54  nomad tls cert create -server -region badRegion -domain=bad
    55  nomad tls cert create -client -region badRegion -domain=bad
    56  ```
    57  
    58  ## Generate CA for whitespace test
    59  
    60  You will need to edit the pem file to add some whitespace after the 
    61  -----END CERTIFICATE----- line 
    62  
    63  ```sh
    64  
    65  # Generate CA certificate and key.
    66  nomad tls ca create -name-constraint=true -domain whitespace
    67  ```