From 2f4680680fb2109e73e13c91f96832a5632781bf Mon Sep 17 00:00:00 2001 
From: James Rasell Date: Mon, 20 Mar 2023 16:06:15 +0000 Subject: [PATCH] dev: remove use of cfssl and use Nomad CLI for TLS certs. (#16145) --- dev/tls_cluster/README.md | 6 +++++- dev/tls_cluster/certs/cfssl.json | 13 ------------- dev/tls_cluster/certs/cli-key.pem | 5 ----- dev/tls_cluster/certs/cli.csr | 6 ------ dev/tls_cluster/certs/cli.pem | 12 ------------ dev/tls_cluster/certs/client-key.pem | 5 ----- dev/tls_cluster/certs/client.csr | 6 ------ dev/tls_cluster/certs/client.pem | 13 ------------- dev/tls_cluster/certs/foo-cli-nomad-key.pem | 5 +++++ dev/tls_cluster/certs/foo-cli-nomad.pem | 16 ++++++++++++++++ dev/tls_cluster/certs/foo-client-nomad-key.pem | 5 +++++ dev/tls_cluster/certs/foo-client-nomad.pem | 16 ++++++++++++++++ dev/tls_cluster/certs/foo-server-nomad-key.pem | 5 +++++ dev/tls_cluster/certs/foo-server-nomad.pem | 16 ++++++++++++++++ dev/tls_cluster/certs/nomad-agent-ca-key.pem | 5 +++++ dev/tls_cluster/certs/nomad-agent-ca.pem | 18 ++++++++++++++++++ dev/tls_cluster/certs/nomad-ca-key.pem | 5 ----- dev/tls_cluster/certs/nomad-ca.csr | 9 --------- dev/tls_cluster/certs/nomad-ca.pem | 13 ------------- dev/tls_cluster/certs/server-key.pem | 5 ----- dev/tls_cluster/certs/server.csr | 6 ------ dev/tls_cluster/certs/server.pem | 13 ------------- dev/tls_cluster/client1.hcl | 6 +++--- dev/tls_cluster/client2.hcl | 6 +++--- dev/tls_cluster/server.hcl | 6 +++--- 25 files changed, 100 insertions(+), 121 deletions(-) delete mode 100644 dev/tls_cluster/certs/cfssl.json delete mode 100644 dev/tls_cluster/certs/cli-key.pem delete mode 100644 dev/tls_cluster/certs/cli.csr delete mode 100644 dev/tls_cluster/certs/cli.pem delete mode 100644 dev/tls_cluster/certs/client-key.pem delete mode 100644 dev/tls_cluster/certs/client.csr delete mode 100644 dev/tls_cluster/certs/client.pem create mode 100644 dev/tls_cluster/certs/foo-cli-nomad-key.pem create mode 100644 dev/tls_cluster/certs/foo-cli-nomad.pem create mode 100644 
dev/tls_cluster/certs/foo-client-nomad-key.pem create mode 100644 dev/tls_cluster/certs/foo-client-nomad.pem create mode 100644 dev/tls_cluster/certs/foo-server-nomad-key.pem create mode 100644 dev/tls_cluster/certs/foo-server-nomad.pem create mode 100644 dev/tls_cluster/certs/nomad-agent-ca-key.pem create mode 100644 dev/tls_cluster/certs/nomad-agent-ca.pem delete mode 100644 dev/tls_cluster/certs/nomad-ca-key.pem delete mode 100644 dev/tls_cluster/certs/nomad-ca.csr delete mode 100644 dev/tls_cluster/certs/nomad-ca.pem delete mode 100644 dev/tls_cluster/certs/server-key.pem delete mode 100644 dev/tls_cluster/certs/server.csr delete mode 100644 dev/tls_cluster/certs/server.pem diff --git a/dev/tls_cluster/README.md b/dev/tls_cluster/README.md index 1b572939b..3a706ed43 100644 --- a/dev/tls_cluster/README.md +++ b/dev/tls_cluster/README.md @@ -1 +1,5 @@ -Simply run the Nomad Server and Clients from this directory and the created cluster will be using TLS. +Simply run the Nomad Server and Clients from this directory and the created +cluster will be using TLS. + +### Certificate Generation +The TLS certificates and CA are generated using the `nomad tls` subcommands. diff --git a/dev/tls_cluster/certs/cfssl.json b/dev/tls_cluster/certs/cfssl.json deleted file mode 100644 index 6e438c9b9..000000000 --- a/dev/tls_cluster/certs/cfssl.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "signing": { - "default": { - "expiry": "87600h", - "usages": [ - "signing", - "key encipherment", - "server auth", - "client auth" - ] - } - } -} diff --git a/dev/tls_cluster/certs/cli-key.pem b/dev/tls_cluster/certs/cli-key.pem deleted file mode 100644 index a33b90991..000000000 --- a/dev/tls_cluster/certs/cli-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEILf7p/j1fRxbYKNMic2SDg8gtxKshjT9n53v79RL6YswoAoGCCqGSM49 -AwEHoUQDQgAEk5UATh31iXNMatpNooVoBqNJI7skvN7iXqhBP9v6ysACnhAbLphi -PaZja5dqVIGpdX48B/lqvdz7bcgEHD3BTw== ------END EC PRIVATE KEY----- 
diff --git a/dev/tls_cluster/certs/cli.csr b/dev/tls_cluster/certs/cli.csr deleted file mode 100644 index 6519162d2..000000000 --- a/dev/tls_cluster/certs/cli.csr +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIG7MGICAQAwADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOVAE4d9YlzTGra -TaKFaAajSSO7JLze4l6oQT/b+srAAp4QGy6YYj2mY2uXalSBqXV+PAf5ar3c+23I -BBw9wU+gADAKBggqhkjOPQQDAgNJADBGAiEAjxZKImvamyiwlM71T5afwYrkXSKm -Qgu2mOBVBMmLG1gCIQD74Uu+PlDuRFA+WLiRgpy/3WJWd6C2KAqTs7PLGx4cGw== ------END CERTIFICATE REQUEST----- diff --git a/dev/tls_cluster/certs/cli.pem b/dev/tls_cluster/certs/cli.pem deleted file mode 100644 index 911608a87..000000000 --- a/dev/tls_cluster/certs/cli.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIByDCCAW+gAwIBAgIUHLtX9ysumbw3LCkxkKEzEH219p4wCgYIKoZIzj0EAwIw -SDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNVBAcT -AkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0xNzA4MjkxODU1MDBaFw0xODA4 -MjkxODU1MDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASTlQBOHfWJc0xq -2k2ihWgGo0kjuyS83uJeqEE/2/rKwAKeEBsumGI9pmNrl2pUgal1fjwH+Wq93Ptt -yAQcPcFPo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG -CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJK+IEBba+s+v3rV/bFn -tZsnvduWMB8GA1UdIwQYMBaAFH66XbZ49lhFbnq7yQMJQgj5HAq3MAoGCCqGSM49 -BAMCA0cAMEQCIDe1yWG5ulggBbp0Qu+oZqARua9fK6lvcY8Ke0In7BcsAiB6QKi7 -ScbOUk5rusXY3PlFBu8IKm6b/cA/sftohFewLA== ------END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/client-key.pem b/dev/tls_cluster/certs/client-key.pem deleted file mode 100644 index 245cd617d..000000000 --- a/dev/tls_cluster/certs/client-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEILtFfW7tRp9eDQvQbZV9k8PwHyOh7RnnsKGuZs32VVNhoAoGCCqGSM49 -AwEHoUQDQgAEj/NNTMe1CfzurUFgnc1tNLUvfzcRJy4bE827jLbvct3DIXtYOv8S -HOG+qdFhOyK1yqzb6Jv67jQ0nia5C6J3pQ== ------END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/client.csr b/dev/tls_cluster/certs/client.csr deleted file mode 100644 index 0cb4ccfcd..000000000 
--- a/dev/tls_cluster/certs/client.csr +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIG6MGICAQAwADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABI/zTUzHtQn87q1B -YJ3NbTS1L383EScuGxPNu4y273LdwyF7WDr/EhzhvqnRYTsitcqs2+ib+u40NJ4m -uQuid6WgADAKBggqhkjOPQQDAgNIADBFAiEA7G6tB30lrg46m+xOx/3CWahUmzKg -tY0L8HH4I+URPvkCIHUHwmuQZAhkXyzSpUdaHBi/45c4MsUzt38JE1864Y1D ------END CERTIFICATE REQUEST----- diff --git a/dev/tls_cluster/certs/client.pem b/dev/tls_cluster/certs/client.pem deleted file mode 100644 index cbe8d5854..000000000 --- a/dev/tls_cluster/certs/client.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+TCCAZ+gAwIBAgIUGKlylRp2EYUnnMoRzkDLE8e/y4cwCgYIKoZIzj0EAwIw -SDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNVBAcT -AkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0xNzA4MjkxODU1MDBaFw0yNzA4 -MjcxODU1MDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASP801Mx7UJ/O6t -QWCdzW00tS9/NxEnLhsTzbuMtu9y3cMhe1g6/xIc4b6p0WE7IrXKrNvom/ruNDSe -JrkLonelo4GuMIGrMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD -AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKwkGHIIODtdTmpOL -EKwqBao7jq8wHwYDVR0jBBgwFoAUfrpdtnj2WEVuervJAwlCCPkcCrcwLAYDVR0R -BCUwI4IQY2xpZW50LmZvby5ub21hZIIJbG9jYWxob3N0hwR/AAABMAoGCCqGSM49 -BAMCA0gAMEUCIQCCHEeAyi6CCeK2eDMo40wgSUwz7tVjaSmZ/jj/lq2FwwIgeNK3 -d9b/cOpGCX1vVyRD9qkIO6eM228YGBqwUQLlQoY= ------END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/foo-cli-nomad-key.pem b/dev/tls_cluster/certs/foo-cli-nomad-key.pem new file mode 100644 index 000000000..4a2a42ea3 --- /dev/null +++ b/dev/tls_cluster/certs/foo-cli-nomad-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHGAcGoe8PnglGzeYEYsmlDIGHe2C2J+srNrdNthZyU+oAoGCCqGSM49 +AwEHoUQDQgAEbYWATwzycIhU97oDPZv4COfAejWL7GaufaZ2qacHV4xdBQVtny84 +KxLPNo+lInNMlHj16ojkt72+PcO6USSn2w== +-----END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/foo-cli-nomad.pem b/dev/tls_cluster/certs/foo-cli-nomad.pem new file mode 100644 index 000000000..cd3ad27b0 --- /dev/null 
+++ b/dev/tls_cluster/certs/foo-cli-nomad.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICbjCCAhSgAwIBAgIRAOvVUjAwJkYxb/ANpw/Xy6kwCgYIKoZIzj0EAwIwgbcx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw +FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE+MDwGA1UEAxM1Tm9tYWQgQWdlbnQgQ0Eg +ODI2MDkxNjY3NzA3ODUzNzI5NTUxMTc1Mjk5NTUwOTk4Nzk4NTQwHhcNMjMwMjEz +MDk0MzQwWhcNMjQwMjEzMDk0MzQwWjAYMRYwFAYDVQQDEw1jbGkuZm9vLm5vbWFk +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbYWATwzycIhU97oDPZv4COfAejWL +7GaufaZ2qacHV4xdBQVtny84KxLPNo+lInNMlHj16ojkt72+PcO6USSn26OBnjCB +mzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgyzOAi1r2 +TR2WKbmBqCMZAMIIURiz7JZAwl+tXtuxKG8wKwYDVR0jBCQwIoAgJt7MGCV1pkZL +mLAvx5NOLsM2WvKnCIqtkk8W8u+Ug4EwIwYDVR0RBBwwGoINY2xpLmZvby5ub21h +ZIIJbG9jYWxob3N0MAoGCCqGSM49BAMCA0gAMEUCIQDqb1OcWZwdXZ+Jl1G/caSf +lLNmk6aTp+X/qBDt6Mw6zwIgBR8lwR8mppMU0aIKezKDuLyKx0ED2TWf5A6uxU18 +t0k= +-----END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/foo-client-nomad-key.pem b/dev/tls_cluster/certs/foo-client-nomad-key.pem new file mode 100644 index 000000000..00152dffe --- /dev/null +++ b/dev/tls_cluster/certs/foo-client-nomad-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIGG5neP+Z+CPTHGle6MHDeLzKz1h3LpDufWyOi4uJ1SioAoGCCqGSM49 +AwEHoUQDQgAE7NzfNOCytBb9PVC1rkotTiSL09EVrt6KLG2BZRLPhJil9b/JGPsB +tP5eIVKW4wKLljO1OvTRvwNyupZZkhIovg== +-----END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/foo-client-nomad.pem b/dev/tls_cluster/certs/foo-client-nomad.pem new file mode 100644 index 000000000..87ee61ed9 --- /dev/null +++ b/dev/tls_cluster/certs/foo-client-nomad.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmDCCAj6gAwIBAgIQdAsC8e5Z6xfm6MxAnqvsmDAKBggqhkjOPQQDAjCBtzEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT4wPAYDVQQDEzVOb21hZCBBZ2VudCBDQSA4 +MjYwOTE2Njc3MDc4NTM3Mjk1NTExNzUyOTk1NTA5OTg3OTg1NDAeFw0yMzAyMTMw +OTQzNTFaFw0yNDAyMTMwOTQzNTFaMBsxGTAXBgNVBAMTEGNsaWVudC5mb28ubm9t +YWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATs3N804LK0Fv09ULWuSi1OJIvT +0RWu3oosbYFlEs+EmKX1v8kY+wG0/l4hUpbjAouWM7U69NG/A3K6llmSEii+o4HG +MIHDMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwEwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgAUc9ZPq2IoNkE/CoaExqIDn6rjnw +QokHmxV9HFlKJsIwKwYDVR0jBCQwIoAgJt7MGCV1pkZLmLAvx5NOLsM2WvKnCIqt +kk8W8u+Ug4EwLAYDVR0RBCUwI4IQY2xpZW50LmZvby5ub21hZIIJbG9jYWxob3N0 +hwR/AAABMAoGCCqGSM49BAMCA0gAMEUCIA1yK8irAMnm+FW0wHMTH4JwBzOwyKaL ++ZbvUn0RI+W7AiEAir7nn9Is6bIAywtf5GjsfWJbkQz2rBv0GrblzQcB3dA= +-----END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/foo-server-nomad-key.pem b/dev/tls_cluster/certs/foo-server-nomad-key.pem new file mode 100644 index 000000000..a36111d6e --- /dev/null +++ b/dev/tls_cluster/certs/foo-server-nomad-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIL34Rs9pwGYYUoBMDv9YjjkLzHG2n+rRUwPXo5sox4nqoAoGCCqGSM49 +AwEHoUQDQgAEMvzQzOxkTicM6ftl2HSkBNz/BX330NeG2Fx587ElA7LbARPS/65L +vGEdbdN+BBlz7hGFlrgcoV/aOqvEJ4d9RA== +-----END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/foo-server-nomad.pem b/dev/tls_cluster/certs/foo-server-nomad.pem new file mode 100644 index 000000000..f70abbebc --- /dev/null +++ b/dev/tls_cluster/certs/foo-server-nomad.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClzCCAj6gAwIBAgIQYb/SI/sKDeU/3CI8iVpH8jAKBggqhkjOPQQDAjCBtzEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT4wPAYDVQQDEzVOb21hZCBBZ2VudCBDQSA4 +MjYwOTE2Njc3MDc4NTM3Mjk1NTExNzUyOTk1NTA5OTg3OTg1NDAeFw0yMzAyMTMw +OTQzNDVaFw0yNDAyMTMwOTQzNDVaMBsxGTAXBgNVBAMTEHNlcnZlci5mb28ubm9t +YWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy/NDM7GROJwzp+2XYdKQE3P8F +fffQ14bYXHnzsSUDstsBE9L/rku8YR1t034EGXPuEYWWuByhX9o6q8Qnh31Eo4HG +MIHDMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgFcd02ktSGsqNvdEJ2m7R4mzDgTJK +yMCq2fJRBx6pAWUwKwYDVR0jBCQwIoAgJt7MGCV1pkZLmLAvx5NOLsM2WvKnCIqt +kk8W8u+Ug4EwLAYDVR0RBCUwI4IQc2VydmVyLmZvby5ub21hZIIJbG9jYWxob3N0 +hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIEish743/KD215Snx2+WyFO9b7+adQX5 +ETaIZZJKYtEFAiBdKWiXQM1AQlZeFaXGI7nl2mzJj9CDfZgMoonTh8X4Sg== +-----END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/nomad-agent-ca-key.pem b/dev/tls_cluster/certs/nomad-agent-ca-key.pem new file mode 100644 index 000000000..faafbd084 --- /dev/null +++ b/dev/tls_cluster/certs/nomad-agent-ca-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMDaWs6qeCgZixzgZQgPe7jFkGWS9JS/OFcQR8QrWHGToAoGCCqGSM49 +AwEHoUQDQgAEU0VTvS/+HVkskpOU5p9mnvApQu1xaCbb2g/RgYsEo8BQ8iuwxTr3 +KEubOMdI0EGidkD3tYjLJFA7NfGuDX9o1A== +-----END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/nomad-agent-ca.pem b/dev/tls_cluster/certs/nomad-agent-ca.pem new file mode 100644 index 000000000..654c8f65c --- /dev/null +++ b/dev/tls_cluster/certs/nomad-agent-ca.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAo+gAwIBAgIQPiXyYUDxdsUIRIhEC74prjAKBggqhkjOPQQDAjCBtzEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv +MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV +BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT4wPAYDVQQDEzVOb21hZCBBZ2VudCBDQSA4 +MjYwOTE2Njc3MDc4NTM3Mjk1NTExNzUyOTk1NTA5OTg3OTg1NDAeFw0yMzAyMTMw +OTM0NDhaFw0yODAyMTIwOTM0NDhaMIG3MQswCQYDVQQGEwJVUzELMAkGA1UECBMC +Q0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNvbmQg +U3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIEluYy4x +PjA8BgNVBAMTNU5vbWFkIEFnZW50IENBIDgyNjA5MTY2NzcwNzg1MzcyOTU1MTE3 +NTI5OTU1MDk5ODc5ODU0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU0VTvS/+ +HVkskpOU5p9mnvApQu1xaCbb2g/RgYsEo8BQ8iuwxTr3KEubOMdI0EGidkD3tYjL +JFA7NfGuDX9o1KN7MHkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w +KQYDVR0OBCIEICbezBgldaZGS5iwL8eTTi7DNlrypwiKrZJPFvLvlIOBMCsGA1Ud +IwQkMCKAICbezBgldaZGS5iwL8eTTi7DNlrypwiKrZJPFvLvlIOBMAoGCCqGSM49 +BAMCA0gAMEUCIQC2Q31pY0Vl7BPfLFD0CpBuvUNKeoXBuPYvL7Xojp+iqgIgRybk +FyeAfhz09794kclLuWW5LeB4hkc4JMTEp30aV0A= +-----END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/nomad-ca-key.pem b/dev/tls_cluster/certs/nomad-ca-key.pem deleted file mode 100644 index a1e6e99e2..000000000 --- a/dev/tls_cluster/certs/nomad-ca-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIL0op5QMrXeB876AhIx/djGCNWMNpTCea1IMW3qVrADioAoGCCqGSM49 -AwEHoUQDQgAEPTNOV30bIUeCR4xvPn2duP4nz8RZg5SSfBqJ788Zo2jWwgUJ6unh -KSeEsQaiVMIL8PcPn2OATMgTllqVSm7ALg== ------END EC PRIVATE KEY----- diff --git a/dev/tls_cluster/certs/nomad-ca.csr b/dev/tls_cluster/certs/nomad-ca.csr deleted file mode 100644 index 9324b444b..000000000 --- a/dev/tls_cluster/certs/nomad-ca.csr +++ /dev/null 
@@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBPDCB5AIBADBIMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNU2FuIEZyYW5jaXNj -bzELMAkGA1UEBxMCQ0ExFDASBgNVBAMTC2V4YW1wbGUubmV0MFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEPTNOV30bIUeCR4xvPn2duP4nz8RZg5SSfBqJ788Zo2jW -wgUJ6unhKSeEsQaiVMIL8PcPn2OATMgTllqVSm7ALqA6MDgGCSqGSIb3DQEJDjEr -MCkwJwYDVR0RBCAwHoILZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxlLm5ldDAKBggq -hkjOPQQDAgNHADBEAiAqo8um1UGdK2JIM2ZY5LUEvFfULqEP+IANGaBPR36rVwIg -fi6F99QQBNwk0vmFhOEP1T01vajoM+Uwx6EhjyXBS7A= ------END CERTIFICATE REQUEST----- diff --git a/dev/tls_cluster/certs/nomad-ca.pem b/dev/tls_cluster/certs/nomad-ca.pem deleted file mode 100644 index 413356481..000000000 --- a/dev/tls_cluster/certs/nomad-ca.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+DCCAZ6gAwIBAgIUbGbARr8sjISnz/MjmGEX/0VQWZswCgYIKoZIzj0EAwIw -SDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNVBAcT -AkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0xNzA4MjkxODUzMDBaFw0yMjA4 -MjgxODUzMDBaMEgxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv -MQswCQYDVQQHEwJDQTEUMBIGA1UEAxMLZXhhbXBsZS5uZXQwWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAAQ9M05XfRshR4JHjG8+fZ24/ifPxFmDlJJ8GonvzxmjaNbC -BQnq6eEpJ4SxBqJUwgvw9w+fY4BMyBOWWpVKbsAuo2YwZDAOBgNVHQ8BAf8EBAMC -AQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUfrpdtnj2WEVuervJAwlC -CPkcCrcwHwYDVR0jBBgwFoAUfrpdtnj2WEVuervJAwlCCPkcCrcwCgYIKoZIzj0E -AwIDSAAwRQIhAKRui2n4gf/f2ooffiKkyJ2EmMJtD2zfusZPL84Vf59PAiAJtTNv -3hEDL/ov9L0n0YfmmprA6ef8qqcet3TqidYVLA== ------END CERTIFICATE----- diff --git a/dev/tls_cluster/certs/server-key.pem b/dev/tls_cluster/certs/server-key.pem deleted file mode 100644 index 38db8941c..000000000 --- a/dev/tls_cluster/certs/server-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEINOEjpNrhLHbQRMavODvn0nDMxVihn4QfLKlPApUbkUeoAoGCCqGSM49 -AwEHoUQDQgAEkIyNAlIpNvgNCtbSk5OIkbr+mF+RrNAFlzUKAEyxfht2nq5ea+Nj -yP0wXQ5IWP+tHjiiQToBezSBJnlLxTzA1w== ------END EC PRIVATE KEY----- 
diff --git a/dev/tls_cluster/certs/server.csr b/dev/tls_cluster/certs/server.csr deleted file mode 100644 index d24973eb8..000000000 --- a/dev/tls_cluster/certs/server.csr +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIG7MGICAQAwADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJCMjQJSKTb4DQrW -0pOTiJG6/phfkazQBZc1CgBMsX4bdp6uXmvjY8j9MF0OSFj/rR44okE6AXs0gSZ5 -S8U8wNegADAKBggqhkjOPQQDAgNJADBGAiEA3HRmZwW//PUp2wor97hIa5cAb0Yq -EBFyqiUm9LdFzCsCIQCj5t+f+thVEvO5fQGILXBqq969KTefk9dVVQbLrcgxog== ------END CERTIFICATE REQUEST----- diff --git a/dev/tls_cluster/certs/server.pem b/dev/tls_cluster/certs/server.pem deleted file mode 100644 index 01f757a02..000000000 --- a/dev/tls_cluster/certs/server.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+jCCAZ+gAwIBAgIUBvib9g3e/m/c7mZjiBE59CJJo6swCgYIKoZIzj0EAwIw -SDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNVBAcT -AkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0xNzA4MjkxODU0MDBaFw0yNzA4 -MjcxODU0MDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASQjI0CUik2+A0K -1tKTk4iRuv6YX5Gs0AWXNQoATLF+G3aerl5r42PI/TBdDkhY/60eOKJBOgF7NIEm -eUvFPMDXo4GuMIGrMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD -AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUeoR3h6dgHF6LaHQ+ -xjO85N8fZ28wHwYDVR0jBBgwFoAUfrpdtnj2WEVuervJAwlCCPkcCrcwLAYDVR0R -BCUwI4IQc2VydmVyLmZvby5ub21hZIIJbG9jYWxob3N0hwR/AAABMAoGCCqGSM49 -BAMCA0kAMEYCIQCa/ljHAZh0RpV8aPu/GkJOJge8Jij5MsWRDYYIVoeN0QIhANHL -uibsL7bNniqtD+2pccgxyPIjvrz18NOC/31KJy8d ------END CERTIFICATE----- diff --git a/dev/tls_cluster/client1.hcl b/dev/tls_cluster/client1.hcl index 764109251..1b8251fb1 100644 --- a/dev/tls_cluster/client1.hcl +++ b/dev/tls_cluster/client1.hcl 
@@ -25,9 +25,9 @@ tls { http = true rpc = true - ca_file = "certs/nomad-ca.pem" - cert_file = "certs/client.pem" - key_file = "certs/client-key.pem" + ca_file = "certs/nomad-agent-ca.pem" + cert_file = "certs/foo-client-nomad.pem" + key_file = "certs/foo-client-nomad-key.pem" verify_server_hostname = true verify_https_client = true diff --git a/dev/tls_cluster/client2.hcl b/dev/tls_cluster/client2.hcl index 77087674b..a8c745e29 100644 --- a/dev/tls_cluster/client2.hcl +++ b/dev/tls_cluster/client2.hcl @@ -25,9 +25,9 @@ tls { http = true rpc = true - ca_file = "certs/nomad-ca.pem" - cert_file = "certs/client.pem" - key_file = "certs/client-key.pem" + ca_file = "certs/nomad-agent-ca.pem" + cert_file = "certs/foo-client-nomad.pem" + key_file = "certs/foo-client-nomad-key.pem" verify_server_hostname = true verify_https_client = true diff --git a/dev/tls_cluster/server.hcl b/dev/tls_cluster/server.hcl index 0b284779d..aa32bd94f 100644 --- a/dev/tls_cluster/server.hcl +++ b/dev/tls_cluster/server.hcl @@ -18,9 +18,9 @@ tls { http = true rpc = true - ca_file = "certs/nomad-ca.pem" - cert_file = "certs/server.pem" - key_file = "certs/server-key.pem" + ca_file = "certs/nomad-agent-ca.pem" + cert_file = "certs/foo-server-nomad.pem" + key_file = "certs/foo-server-nomad-key.pem" verify_server_hostname = true verify_https_client = true
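Review bot: The `cert_file` paths set in the client1.hcl `tls` block (and in the identical client2.hcl and server.hcl hunks) point at leaf certificates whose validity, decoded from the PEM bodies added in this patch, runs only from 2023-02-13 to 2024-02-13. Because `verify_server_hostname = true` and `verify_https_client = true` stay enabled, handshakes in this dev cluster should be expected to fail after that date. Neither the configs nor the new README section records the commands used to regenerate the files, so I would add a comment above `ca_file` such as `# dev-only fixtures generated with "nomad tls"; leaf certs expire 2024-02-13, regenerate before then` and list the exact commands in the README. The patch also commits `certs/nomad-agent-ca-key.pem`, which none of the three configs reference; anyone with the repository can sign certificates under this CA, so the same comment should state that the CA must not be trusted outside this directory. The `tls` blocks start and end outside the hunks, so their remaining settings are not visible here.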