Access Nomad GUI after setting TLS

Hi,

I set up TLS on Nomad by following this tutorial. It seems to be working, but when I try to access https://<ip>:<port> from a browser it returns an SSL_ERROR_BAD_CERT_ALERT error. Accessing with cURL also gives me a similar error.

So my question is, did I misconfigure my certificates when I created them with nomad tls cert create ...?

Also, can you confirm exactly which .pem files I should convert to P12 format to give them to my browser or cURL? I tried to convert .pem to .p12 using the following command:
sudo openssl pkcs12 -export -out cert.p12 -in global-client-nomad.pem -inkey global-client-nomad-key.pem

Then I give the certificate to cURL using:
sudo curl --cert-type P12 --cert cert.p12 https://localhost:8007 -v -L

Also I tried something like this:
sudo nomad tls cert create -cli -additional-ipaddress "172.16.x.x" -additional-ipaddress "192.168.x.x"

The communication between nodes is working and the nomad CLI is working.

Master config file:

datacenter = "MP"
data_dir = "/opt/nomad"

server {
  enabled = true
  bootstrap_expect = 1
  encrypt = "..."
}

client {
  enabled = false
}

ports {
  http = 8007
}

telemetry {
  collection_interval = "1s"
  disable_hostname = true
  prometheus_metrics = true
  publish_allocation_metrics = true
  publish_node_metrics = true
}

# Require TLS
tls {
  http = true
  rpc  = true

  ca_file   = "nomad-agent-ca.pem"
  cert_file = "global-server-nomad.pem"
  key_file  = "global-server-nomad-key.pem"

  verify_server_hostname = true
  verify_https_client    = true
}

Thanks

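With verify_https_client = true, as in the config above, the agent requires every HTTPS client to present a certificate signed by the configured CA. As an added example (not part of the original post and not Nomad tooling), this script checks that a PEM pair chains to the CA, is usable for TLS client authentication and matches its private key before it is converted to P12; the function names and the throwaway demo PKI are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a PEM pair meant to serve as an mTLS client
# identity. Function names are assumptions; only stock openssl commands are used.

# check_client_pair CA CERT KEY: prints a one-word verdict, returns 0 only for "ok".
check_client_pair() {
  local ca=$1 cert=$2 key=$3 cert_pub key_pub
  # The certificate must chain to the CA and be permitted for TLS client auth.
  if ! openssl verify -CAfile "$ca" -purpose sslclient "$cert" >/dev/null 2>&1; then
    echo "untrusted"; return 1
  fi
  # The private key must belong to the certificate (compare public key digests).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "key-mismatch"; return 1
  fi
  echo "ok"
}

# make_demo_pki DIR: constructed throwaway CA plus one client pair, for testing only.
make_demo_pki() {
  local d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca_ext]
basicConstraints = critical,CA:TRUE
[cli_ext]
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/x.cnf" \
    -extensions ca_ext -subj "/CN=constructed demo CA" \
    -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" \
    -subj "/CN=constructed demo client" \
    -keyout "$d/cli-key.pem" -out "$d/cli.csr" 2>/dev/null
  openssl x509 -req -in "$d/cli.csr" -days 1 -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" \
    -CAcreateserial -extfile "$d/x.cnf" -extensions cli_ext -out "$d/cli.pem" 2>/dev/null
}

# Usage: ./check.sh nomad-agent-ca.pem global-client-nomad.pem global-client-nomad-key.pem
if [ "$#" -eq 3 ]; then check_client_pair "$1" "$2" "$3"; fi
```

A verdict of "untrusted" means the pair was issued by a different CA than the one passed in, or is not valid for client authentication; "key-mismatch" means the certificate and key files do not belong together.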