Access Nomad GUI after setting TLS


I set up TLS on Nomad by following this tutorial. It seems to be working, but when I try to access https://<ip>:<port> from a browser it returns an SSL_ERROR_BAD_CERT_ALERT error. Accessing with cURL also gives me a similar error.

So my question is, did I misconfigure my certificate when I created them with nomad tls cert create ... ?

Also, can you confirm which .pem files exactly I should convert to P12 format to give them to my browser or cURL ? I tried to convert .pem to .p12 using the following command:
sudo openssl pkcs12 -export -out cert.p12 -in global-client-nomad.pem -inkey global-client-nomad-key.pem

Then I give the certificate to cURL using:
sudo curl --cert-type P12 --cert cert.p12 https://localhost:8007 -v -L

Also I tried something like this:
sudo nomad tls cert create -cli -additional-ipaddress "172.16.x.x" -additional-ipaddress "192.168.x.x"

The communication between nodes is working and the nomad CLI is working.

Master config file:

datacenter = "MP"
data_dir = "/opt/nomad"

server {
  enabled = true
  bootstrap_expect = 1
  encrypt = "..."

client {
  enabled = false

ports {
  http = 8007

telemetry {
  collection_interval = "1s"
  disable_hostname = true
  prometheus_metrics = true
  publish_allocation_metrics = true
  publish_node_metrics = true
# Require TLS
tls {
  http = true
  rpc  = true

  ca_file   = "nomad-agent-ca.pem"
  cert_file = "global-server-nomad.pem"
  key_file  = "global-server-nomad-key.pem"

  verify_server_hostname = true
  verify_https_client    = true


1 Like