How to tell Nomad to use a concrete .cer file to download an artifact from a different server?

Hi, community.

I want to ask how we can tell Nomad to use the appropriate .cer file for downloading a zip file from a different server. I tried what is written in the documentation, but it gives me this error:

Failed Artifact Download failed to download artifact “url”: Get “url”: x509: certificate signed by unknown authority

when the allocation is trying to run.

We imported the .cer files into the OS (RHEL) on the servers and the clients, and when we try to reach and download the file with curl on them everything works well, but when we put the link in the Nomad artifact → source we get the error above.

At this point, we are using only Nomad.

Any suggestions are welcome.

Regards!

1 Like

Hi @nbglink

Nomad uses a library called go-getter to download artifacts, and it seems like support for this was added a few months ago:

Would you mind opening a feature request for Nomad to add support for this?

Thank you.

1 Like

I’m not sure I see how this is a solution. If I understand it, the proposal here is to expose the flag in go-getter that sets the InsecureSkipVerify flag on the TLS context, the one commented “not recommended” and “for testing only”:

	// Insecure controls whether a client verifies the server's
	// certificate chain and host name. If Insecure is true, crypto/tls
	// accepts any certificate presented by the server and any host name in that
	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
	// attacks unless custom verification is used. This should be used only for
	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
	// This is identical to tls.Config.InsecureSkipVerify.

What the OP was asking for, or at least, what I’m wanting in the same circumstance, is to be able to actually provide a certificate to use when making the TLS connection so that the HTTPS is verified.

1 Like
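
The distinction drawn in the last reply, between skipping verification and supplying a certificate to verify against, shown with Go's standard library. This is an added example, not part of the thread and not Nomad or go-getter code; `clientWithCA` and `fetchBoth` are hypothetical names, and the server is a local `httptest` instance using that package's built-in test certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientWithCA (hypothetical helper) returns an HTTP client that trusts only
// the CA certificates in caPEM. Chain and host name verification stay enabled.
func clientWithCA(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no PEM certificates found in CA bundle")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// fetchBoth (hypothetical) requests a local test server whose certificate is not
// in the system trust store: first with the default client, then with the CA set.
func fetchBoth() (defaultErr error, status int, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "artifact bytes") // constructed sample payload
	}))
	defer srv.Close()
	if resp, e := http.Get(srv.URL); e != nil {
		defaultErr = e // certificate verification fails against the default trust store
	} else {
		resp.Body.Close()
	}
	// Export the server certificate as PEM, the form a .cer file would be shipped in.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	client, err := clientWithCA(caPEM)
	if err != nil {
		return defaultErr, 0, err
	}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return defaultErr, 0, err
	}
	defer resp.Body.Close()
	return defaultErr, resp.StatusCode, nil
}

func main() { fmt.Println(fetchBoth()) }
```

The second request succeeds with `InsecureSkipVerify` left at its default of false, so a server presenting any other certificate would still be rejected.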