»Consul TLS CA Create
consul tls ca create
This command create a self signed CA to be used for Consul TLS setup.
$ consul tls ca create ==> Saved consul-ca.pem ==> Saved consul-ca-key.pem
consul tls ca create [filename-prefix] [options]
»TLS CA Create Options
-additional-name-constraint=<value>- Add name constraints for the CA. Results in rejecting certificates for other DNS than specified. Can be used multiple times. Only used in combination with
-days=<int>- Provide number of days the CA is valid for from now on, defaults to 5 years.
-domain=<string>- Domain of consul cluster. Only used in combination with
-name-constraint. Defaults to
-name-constraint- Add name constraints for the CA. Results in rejecting certificates for other DNS than specified. If turned on localhost and -domain will be added to the allowed DNS. If the UI is going to be served over HTTPS its DNS has to be added with
-additional-constraint. It is not possible to add that after the fact! Defaults to false.
cluster-id- ClusterID of the consul cluster, requires
-domainto be set as well. When used this will cause URIs to be set with spiffeid.
common-name- Common Name of CA. Defaults to Consul Agent CA.