Hi,
I am following this article, "Generate mTLS Certificates for Nomad using Vault | Nomad | HashiCorp Developer", to configure Nomad with TLS integrated with Vault.
I am trying to create my own certs with my own CN, but Nomad seems to expect the default CN of "server.global.nomad".
This is how I told Vault about the certificates:
vault write -field=certificate pki/root/generate/internal \
common_name="home.local" ttl=87600h > CA_cert.crt
And
vault write -format=json pki_int/intermediate/generate/internal \
common_name="home.local Intermediate Authority" \
ttl="43800h" | jq -r '.data.csr' > pki_intermediate.csr
And
vault write -format=json pki/root/sign-intermediate \
csr=@pki_intermediate.csr format=pem_bundle \
ttl="43800h" | jq -r '.data.certificate' > intermediate.cert.pem
And
vault write pki_int/roles/home-cluster allowed_domains=home.local \
allow_subdomains=true max_ttl=86400s require_cn=false generate_lease=true
And this is the error in the Nomad logs:
Aug 21 02:25:35 home nomad[43310]: 2023-08-21T02:25:35.749+0200 [WARN] nomad.stats_fetcher: error getting server health: server=server1.global error="rpc error: failed to get conn: tls: failed to verify certificate: x509: certificate is valid for localhost, nomad.home.local, not server.global.nomad"
I may be wrong, but it seems like Nomad expects the TLS certs to be issued for server.global.nomad and does not accept anything else.
Am I right? What is going on, and how do I fix this?
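An added example, not part of the original post and not code from Nomad or Vault: the x509 error quoted above is the Go TLS library reporting a hostname mismatch, and with verify_server_hostname enabled Nomad dials its servers by the fixed name server.<region>.nomad (server.global.nomad for the default region), so the certificate must carry that name as a SAN and the Vault PKI role must be allowed to issue it. The script below parses such a log line, derives the name Nomad expects from the region, checks the certificate names against it with Go-style wildcard rules, and checks a simplified model of a Vault PKI role (allowed_domains, allow_subdomains, allow_bare_domains; the model is an assumption, not Vault's real implementation) to show why a role limited to home.local cannot issue it. The sample log line is a constructed copy of the one in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the WARN line from the post, reproduced as test input.
SAMPLE_LOG = (
    '2023-08-21T02:25:35.749+0200 [WARN] nomad.stats_fetcher: error getting server '
    'health: server=server1.global error="rpc error: failed to get conn: tls: failed '
    'to verify certificate: x509: certificate is valid for localhost, nomad.home.local, '
    'not server.global.nomad"'
)

# Go's x509 hostname error: "certificate is valid for A, B, not C"
_X509_RE = re.compile(r'x509: certificate is valid for (?P<have>.+?), not (?P<want>[^"]+)')
_SERVER_RE = re.compile(r'\bserver=(?P<name>[^.\s]+)\.(?P<region>[^\s"]+)')


def parse_x509_mismatch(line):
    """Return (names_in_cert, name_expected) from a Go x509 hostname error, else None."""
    m = _X509_RE.search(line)
    if not m:
        return None
    have = [n.strip() for n in m.group('have').split(',')]
    return have, m.group('want').strip()


def region_from_log(line):
    """Nomad logs peers as server=<name>.<region>; return the region or None."""
    m = _SERVER_RE.search(line)
    return m.group('region') if m else None


def expected_server_name(region):
    """Name Nomad verifies a server certificate against when verify_server_hostname=true."""
    return f'server.{region}.nomad'


def _label_match(pattern, name):
    # Go-style wildcard: '*' only as the whole leftmost label, matching exactly one label.
    p, n = pattern.lower().split('.'), name.lower().split('.')
    if len(p) != len(n):
        return False
    if p[0] == '*':
        return p[1:] == n[1:]
    return p == n


def cert_matches(cert_names, want):
    """True if any SAN/CN in the certificate satisfies the expected hostname."""
    return any(_label_match(c, want) for c in cert_names)


@dataclass
class PkiRole:
    """Simplified (assumed) model of a Vault PKI role's name restrictions."""
    allowed_domains: list = field(default_factory=list)
    allow_subdomains: bool = False
    allow_bare_domains: bool = False

    def allows(self, name):
        name = name.lower().rstrip('.')
        for dom in self.allowed_domains:
            dom = dom.lower().rstrip('.')
            if self.allow_bare_domains and name == dom:
                return True
            if self.allow_subdomains and name.endswith('.' + dom):
                return True
        return False


def diagnose(line, role):
    """Explain the mismatch in a log line and whether the role could fix it."""
    parsed = parse_x509_mismatch(line)
    if parsed is None:
        return 'no x509 hostname mismatch in this line'
    have, want = parsed
    region = region_from_log(line) or 'global'
    expected = expected_server_name(region)
    msgs = [f'cert names {have} do not include {want}',
            f'Nomad region {region!r} requires SAN {expected}']
    if role.allows(expected):
        msgs.append('the PKI role can issue that name; re-issue with it as a SAN')
    else:
        msgs.append(f'the PKI role cannot issue {expected}; add the parent domain '
                    f'{expected.split(".", 1)[1]!r} to allowed_domains')
    return '; '.join(msgs)


if __name__ == '__main__':
    # The role from the post: only home.local and its subdomains.
    role = PkiRole(['home.local'], allow_subdomains=True)
    print(diagnose(SAMPLE_LOG, role))
```

With the post's role the diagnosis reports that home.local cannot cover server.global.nomad; a role whose allowed_domains also lists global.nomad (with allow_subdomains) passes the check, and the certificate then needs server.global.nomad as an additional SAN alongside the operator's own names.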