Hello,
Before the apocalypse of Nomad 1.9 with Vault integration, I'm trying to understand the Vault token replacement by workload identity.
So I followed this tutorial: Vault ACL with Nomad Workload Identities | Nomad | HashiCorp Developer
I deployed a dev hashistack with TLS and ACL and the (future old) Vault token in the configuration.
I can create the auth method with `vault auth enable -path 'jwt-nomad' 'jwt'`
But on the next step, I'm stuck.
```
vault write auth/jwt-nomad/config '@vault-auth-method-jwt-nomad.json'
```
gives:
```
Error writing data to auth/jwt-nomad/config: Error making API request.
URL: PUT https://127.0.0.1:8200/v1/auth/jwt-nomad/config
Code: 400. Errors:
* error checking jwks URL
```
Because my stack already uses TLS, I tried these changes:
```json
{
  "jwks_url": "https://127.0.0.1:4646/.well-known/jwks.json",
  "jwks_ca_pem": "/etc/ssl/hashistack/hashistack-ca.pem",
  "jwt_supported_algs": ["RS256", "EdDSA"],
  "default_role": "nomad-workloads"
}
```
I added https to jwks_url and added jwks_ca_pem.
But a new error:
```
Error writing data to auth/jwt-nomad/config: Error making API request.
URL: PUT https://127.0.0.1:8200/v1/auth/jwt-nomad/config
Code: 400. Errors:
* error checking jwks_ca_pem
```
I don't understand. I tried with different certs from Vault and Nomad instead of jwks_ca_pem, but... same error.
When I try:
```
curl https://127.0.0.1:4646/.well-known/jwks.json --cacert /etc/ssl/hashistack/hashistack-ca.pem
```
it works:
```json
{"keys":[{"use":"sig","kty":"RSA","kid":"78fc6cea-e858-b17c-0f85-49cc752c9c80","alg":"RS256","n":"ybJyDkfWd9vvW0lSRP7T_XAjCqh6LMAsclkm0Yb-1KbjMsXHj2QTcweaC4RnypqDXGQLKRdDA9ZyKZAQ94UcSXKlsZaR9Xjjrz4NDb4nFdv_41Pnp-r0cbVzuc1yiGMP_UlNhFzSaMQlDb_g-l1C166Vd8KcgcG2BqnpTywwJf2pmejJeXjMbuRtdb9Udlx32YWlgf1r2YPqUjqsk1coZ4u4z1oZ5N-SQBHlGut7c59iwDlPoJP1BhjVc_HB2SAbMRdVwSl_0qBCVKIIwMTGu0DDn2b2MvqJI2tN4XxRS381jZqgzU0-VWhGhzAK7gV5ad6xLYoneZShydiBMWYEFw","e":"AQAB"}]}
```
What is the solution?
Thanks, have great days/holidays!
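An added example, not part of the original post: Vault's `jwks_ca_pem` field takes the PEM data itself rather than a filesystem path, so handing it `/etc/ssl/hashistack/hashistack-ca.pem` fails the "error checking jwks_ca_pem" check even though curl with `--cacert` works. The script below builds the config payload with the CA contents inlined; the file names and the dummy certificate are assumptions/constructed.

```shell
#!/bin/sh
# Added example (not from the original post): build the auth/jwt-nomad/config
# payload with the CA certificate *contents* inline, since Vault's jwks_ca_pem
# expects PEM data, not a path. File names below are assumptions.
set -eu

# Convert a PEM file into a JSON string value: each newline becomes the two
# characters '\' 'n'. PEM is base64 text plus dashes, so nothing else needs escaping.
pem_to_json_string() {
  awk '{ printf "%s\\n", $0 }' "$1"
}

# Print the complete config JSON for a JWKS URL and a CA file.
build_jwt_config() {
  printf '{\n  "jwks_url": "%s",\n  "jwks_ca_pem": "%s",\n  "jwt_supported_algs": ["RS256", "EdDSA"],\n  "default_role": "nomad-workloads"\n}\n' \
    "$1" "$(pem_to_json_string "$2")"
}

# Write the config to Vault (needs VAULT_ADDR and VAULT_TOKEN in the environment), e.g.
#   write_jwt_config https://127.0.0.1:4646/.well-known/jwks.json /etc/ssl/hashistack/hashistack-ca.pem
write_jwt_config() {
  build_jwt_config "$1" "$2" > vault-auth-method-jwt-nomad.json
  vault write auth/jwt-nomad/config @vault-auth-method-jwt-nomad.json
}

# Constructed dummy CA so the script runs offline; it is not a real certificate.
DEMO_CA="${TMPDIR:-/tmp}/demo-ca.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBdemoNOTAREALCERT' '-----END CERTIFICATE-----' > "$DEMO_CA"
build_jwt_config "https://127.0.0.1:4646/.well-known/jwks.json" "$DEMO_CA"
```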