Anything against using same CA and Certs for Nomad and Consul agents

Is there anything against using the same CA and certs for the Nomad and Consul agents on a single client?

Hi @tlankhorst,

There isn’t an issue with using the same CA; however, Nomad and Consul agents should not use the same certificate even when they are on the same host. The Learn site has guides on setting up Nomad TLS and Consul TLS. Specifically you’ll note the common names are different and specific to each application.

Thanks,
jrasell and the Nomad team.

1 Like

Dear jrasell,

Thanks for your reply. I worked around the common name issue by using Subject Alt Names. So the cert is valid for both the hostname and the Nomad role.

Sorry to be so stubborn, but is there another reason not to use the same agent cert, except for the common names?

I just feel that managing one cert is easier and if one service is compromised I assume the whole machine is compromised anyway.
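
An added example, not part of the thread and not HashiCorp tooling: a small audit that reads the output of `openssl x509 -noout -ext subjectAltName` for each agent certificate and flags any certificate whose SANs carry role names for both Nomad and Consul, which is the situation the posts above discuss. The role-name patterns (`<role>.<region>.nomad`, `<role>.<datacenter>.consul`), the file names and the sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed role-name SAN conventions (not taken from the thread):
#   Nomad:  <role>.<region>.nomad       e.g. client.global.nomad
#   Consul: <role>.<datacenter>.consul  e.g. client.dc1.consul
ROLE_PATTERNS = {
    "nomad": re.compile(r"^(server|client)\.[a-z0-9-]+\.nomad$"),
    "consul": re.compile(r"^(server|client)\.[a-z0-9-]+\.consul$"),
}

def dns_sans(openssl_text):
    """Extract DNS SAN entries from `openssl x509 -noout -ext subjectAltName` text."""
    return [name.lower() for name in re.findall(r"DNS:([^,\s]+)", openssl_text)]

def roles(sans):
    """Return the set of (product, role) pairs a SAN list lets the key holder assert."""
    found = set()
    for name in sans:
        for product, pattern in ROLE_PATTERNS.items():
            match = pattern.match(name)
            if match:
                found.add((product, match.group(1)))
    return found

def audit(cert_texts):
    """Map each certificate that spans more than one product to its role pairs."""
    findings = {}
    for path, text in cert_texts.items():
        asserted = roles(dns_sans(text))
        if len({product for product, _ in asserted}) > 1:
            findings[path] = sorted(asserted)
    return findings

# Constructed sample outputs, one per certificate file (hypothetical names).
SAMPLE = {
    "shared-agent.pem": "X509v3 Subject Alternative Name: \n"
        "    DNS:node1.example.internal, DNS:client.global.nomad, "
        "DNS:client.dc1.consul, IP Address:127.0.0.1\n",
    "nomad-client.pem": "X509v3 Subject Alternative Name: \n"
        "    DNS:client.global.nomad, DNS:localhost, IP Address:127.0.0.1\n",
    "consul-client.pem": "X509v3 Subject Alternative Name: \n"
        "    DNS:client.dc1.consul, DNS:localhost, IP Address:127.0.0.1\n",
}

if __name__ == "__main__":
    for path, asserted in audit(SAMPLE).items():
        print(f"{path}: one key can assert {asserted}")
```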