Add Website Content for the tls command
lhaig committed Nov 14, 2022
1 parent cc1a8bb commit b3f308d
Showing 6 changed files with 148 additions and 87 deletions.
51 changes: 51 additions & 0 deletions website/content/docs/commands/tls/ca-create.mdx
@@ -0,0 +1,51 @@
---
layout: docs
page_title: 'Commands: tls ca create'
description: |
This command creates a Certificate Authority that can be used to create
self signed certificates to be used for Nomad TLS setup.
---

# Command: nomad tls ca create

Create is used to create a self signed Certificate Authority to be used for Nomad TLS setup.

## Usage

```plaintext
nomad tls ca create [options]
```

## CA Create Options

- `-additional-name-constraint=<value>` : Add name constraints for the CA.
Results in rejecting certificates for other DNS than specified. Can be used
multiple times. Only used in combination with `-name-constraint`.
- `common-name` : Common Name of CA. Defaults to Nomad Agent CA.
- `-days=<int>` : Provide number of days the CA is valid for from now on, defaults to 5 years.
- `-domain=<string>` : Domain of nomad cluster. Only used in combination with
`-name-constraint`. Defaults to `nomad`.
- `-name-constraint` : Add name constraints for the CA. Results in rejecting
certificates for other DNS than specified. If turned on localhost and -domain
will be added to the allowed DNS. If the UI is going to be served over HTTPS
its DNS has to be added with `-additional-constraint`. It is not possible to
add that after the fact! Defaults to false.


## Example

Create CA:

```shell-session
$ nomad tls ca create
==> CA Certificate saved to: nomad-agent-ca.pem
==> CA Certificate key saved to: nomad-agent-ca-key.pem
```

Create a CA with a specified domain:

```shell-session
$ nomad tls ca create -name-constraint="true" -domain="foo.com"
==> CA Certificate saved to: foo.com-agent-ca.pem
==> CA Certificate key saved to: foo.com-agent-ca-key.pem
```
41 changes: 41 additions & 0 deletions website/content/docs/commands/tls/ca-info.mdx
@@ -0,0 +1,41 @@
---
layout: docs
page_title: 'Commands: tls ca info'
description: |
This command displays relevant information that is contained within a
Certificate Authority certificate.
---

# Command: nomad tls ca info

Info is used to display relevant information that is contained within a profided certificate file.

## Usage

```plaintext
nomad tls ca info [file-name]
```

## Example

Display default CA:

```shell-session
$ nomad tls ca info nomad-agent-ca.pem
Serial Number 314623649437549144006237783956683542664
Issuer CN Nomad Agent CA 314623649437549144006237783956683542664
Common Name CN=Nomad Agent CA 314623649437549144006237783956683542664,O=HashiCorp Inc.,POSTALCODE=94105,STREET=101 Second Street,L=San Francisco,ST=CA,C=US
Expiry Date 2027-11-13 21:37:38 +0000 UTC
Permitted DNS Domains []
```

Display CA with a custom domain foo.com:

```shell-session
$ nomad tls ca info foo.com-agent-ca.pem
Serial Number 189027561135335847320487296530900061259
Issuer CN Nomad Agent CA 189027561135335847320487296530900061259
Common Name CN=Nomad Agent CA 189027561135335847320487296530900061259,O=HashiCorp Inc.,POSTALCODE=94105,STREET=101 Second Street,L=San Francisco,ST=CA,C=US
Expiry Date 2027-11-13 21:38:15 +0000 UTC
Permitted DNS Domains [foo.com localhost]
```
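
Review bot: Typo in the intro sentence under the heading: "profided" should be "provided". The usage line `nomad tls ca info [file-name]` uses square brackets, which the other usage lines in this commit use for optional parts (`[options]`); if the file name is required, write `<file-name>`. It would also help to state that `Permitted DNS Domains []` means the CA carries no name constraints, since that is the field the two examples are meant to contrast.
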
45 changes: 0 additions & 45 deletions website/content/docs/commands/tls/ca.mdx

This file was deleted.

@@ -1,16 +1,16 @@
---
layout: docs
page_title: 'Commands: TLS Cert Create'
description: |
This command creates a Certificate that can be used for Nomad TLS setup.
---

# Nomad TLS Cert Create
# Command: nomad tls cert create

Command: `nomad tls cert create`

The `tls cert create` command is used to create certificates to be used in
for your Nomad cluster for TLS setup. You can then copy these to your server
as part fo the configurstion. This command will not automatically update the
settings in the agents.
The `tls cert create` command is used to create certificates to be used for
[TLS encryption][] for your Nomad cluster. You can then copy these to your
servers and clients. This command will not automatically update the
configuration of the agents.

## Examples
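
Review bot: `page_title` stays 'Commands: TLS Cert Create' in this hunk while the heading moves to the `# Command: nomad tls cert create` form and the new ca pages use lowercase titles ('Commands: tls ca create'); align the title with the others. The rewritten paragraph says to copy the generated files to "your servers and clients" but does not distinguish certificates from private keys, so a sentence on which files go where and that key files should not be shared between nodes would be worth adding.
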

@@ -82,3 +82,5 @@ Usage: `nomad tls cert create [options]`
`<node>.server.<datacenter>.<domain>`.

- `-server` - Generate server certificate.

[TLS encryption]: https://learn.hashicorp.com/tutorials/nomad/security-enable-tls?in=nomad/transport-security
31 changes: 31 additions & 0 deletions website/content/docs/commands/tls/cert-info.mdx
@@ -0,0 +1,31 @@
---
layout: docs
page_title: 'Commands: TLS Cert Info'
description: |
This command displays relevant information that is contained within a
certificate.
---

# Command: nomad tls cert info

Info is used to display relevant information that is contained within a profided certificate file.

## Usage

```plaintext
nomad tls cert info [file-name]
```

## Examples

Display default Certificate Info:

```shell-session
$ nomad tls cert info global-cli-nomad.pem
Serial Number 307777061759235334129808343588809897525
Issuer CN Nomad Agent CA 314623649437549144006237783956683542664
Common Name CN=cli.global.nomad
Expiry Date 2023-11-14 21:40:45 +0000 UTC
DNS Names [cli.global.nomad localhost]
IP Addresses []
```
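
Review bot: The intro sentence is copied verbatim from the ca info page, including the typo "profided" (should be "provided"), and does not mention what this command shows beyond the CA variant; the sample output adds `DNS Names` and `IP Addresses`, which is worth stating. `page_title` uses 'Commands: TLS Cert Info' while the ca pages in this commit use lowercase ('Commands: tls ca info'), and the section is headed `## Examples` here but `## Example` in ca-info.mdx; pick one form for each.
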
51 changes: 16 additions & 35 deletions website/content/docs/commands/tls/index.mdx
@@ -1,47 +1,28 @@
---
layout: docs
page_title: 'Commands: TLS'
page_title: 'Commands: tls'
description: |
The tls command is used to help with creating a Certificate Authority
and up self signed certificates for Nomad TLS configuration.
---

# Nomad TLS
# Command: tls

Command: `nomad tls`

The `tls` command is used to help with setting up a CA and certificates for Nomad TLS.

## Basic Examples

Create a CA:

```shell-session
$ nomad tls ca create
==> Saved nomad-agent-ca.pem
==> Saved nomad-agent-ca-key.pem
```

Create a client certificate:

```shell-session
$ nomad tls cert create -client
==> Using nomad-agent-ca.pem and nomad-agent-ca-key.pem
==> Saved dc1-client-nomad.pem
==> Saved dc1-client-nomad-key.pem
```
The `tls` command is used to help with setting up a self signed CA and certificates for Nomad TLS.

## Usage

Usage: `nomad tls <subcommand> <subcommand> [options]`

Run `nomad tls <subcommand> -h` for help on that subcommand. The following
subcommands are available:

```text
Usage: nomad tls <subcommand> <subcommand> [options]
# ...
Subcommands:
ca Helpers for CAs
cert Helpers for certificates
```
- [`ca create`][cacreate] - Create Certificate Authority
- [`ca info`][cainfo] - Display information from a CA certificate
- [`cert create`][certcreate] - Create self signed certificates
- [`cert info`][certinfo] - Display information from a certificate

For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar or one of the links below:
[cacreate]: /docs/commands/tls/ca-create 'Create Certificate Authority'
[cainfo]: /docs/commands/tls/ca-info 'Display information from a CA certificate'
[certcreate]: /docs/commands/tls/cert-create 'Create self signed certificates'
[certinfo]: /docs/commands/tls/cert-info 'Display information from a certificate'
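
Review bot: The front-matter `description` reads "creating a Certificate Authority and up self signed certificates", which looks like a dropped word before "up"; reword it, for example "and setting up self signed certificates". The usage line shows `nomad tls <subcommand> <subcommand> [options]` but the help hint below it is `nomad tls <subcommand> -h` with a single subcommand, so say whether `-h` works at both levels or show the two-level form.
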
