Learn the HashiCorp Enterprise Stack 
»Consul TLS CA Create
Command: consul tls ca create
This command create a self signed CA to be used for Consul TLS setup.
»Example
Create CA:
$ consul tls ca create
==> Saved consul-ca.pem
==> Saved consul-ca-key.pem
»Usage
Usage: consul tls ca create [filename-prefix] [options]
»TLS CA Create Options
-additional-name-constraint=<value>- Add name constraints for the CA. Results in rejecting certificates for other DNS than specified. Can be used multiple times. Only used in combination with-name-constraint.-days=<int>- Provide number of days the CA is valid for from now on, defaults to 5 years.-domain=<string>- Domain of consul cluster. Only used in combination with-name-constraint. Defaults toconsul.-name-constraint- Add name constraints for the CA. Results in rejecting certificates for other DNS than specified. If turned on localhost and -domain will be added to the allowed DNS. If the UI is going to be served over HTTPS its DNS has to be added with-additional-constraint. It is not possible to add that after the fact! Defaults to false.