Enabling mTLS is a great way to secure access to your Nomad cluster, but doing so breaks the WebUI because you now need to provide a client certificate in order to access it. This is obviously what we would want, but it’s not overly obvious how to re-enable access.
Really, it’s pretty simple. The important step is converting the PEM-encoded certificate and key into a PKCS12 file that you give to Firefox, or whatever browser you are using, as your user certificate.
openssl pkcs12 -inkey cli.pem -in cli.crt -export -out nomad.pfx
It will ask for a password; you can provide one or just leave it blank.
Next you’ll need to import the pfx file into Firefox. Open about:preferences and search for cert, then click
In the configuration dialog, click Import... and find the pfx file you generated with OpenSSL.
Once your user certificate is imported, open up the Nomad WebUI and Firefox will ask you which certificate to use (you probably only have the one) and voilà, the WebUI is back on the menu.
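The export step above, wrapped with the checks worth doing before handing the bundle to a browser; this is an added example, not part of the original post. The function name `make_pfx`, the password file and the friendly name `nomad-cli` are assumptions, while `cli.crt`, `cli.pem` and `nomad.pfx` are the file names used above.

```shell
#!/bin/sh
# Added example, not from the original post.
# make_pfx CERT KEY OUT PASSFILE
#   CERT/KEY: PEM client certificate and private key (cli.crt / cli.pem above)
#   OUT:      PKCS12 bundle to write (nomad.pfx)
#   PASSFILE: file whose first line is the export password (hypothetical input)
# Returns 0 on success, 2 if the key does not belong to the certificate,
# 1 on any other failure.
make_pfx() {
    cert=$1; key=$2; out=$3; passfile=$4

    # Compare the public key stored in the certificate with the one derived
    # from the private key, so a mismatched pair is never bundled.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "make_pfx: $key does not match $cert" >&2
        return 2
    fi

    # The bundle contains the private key: create it readable by the owner only
    # and protect it with the password instead of leaving it blank.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$cert" \
          -name "nomad-cli" -out "$out" -passout "file:$passfile" ) || return 1

    # Re-open the bundle with the same password to confirm it parses
    # before importing it into the browser.
    openssl pkcs12 -in "$out" -passin "file:$passfile" -noout || return 1
}

# Usage: make_pfx cli.crt cli.pem nomad.pfx pfx-pass.txt
```

Firefox asks for the same password during import; the password file can be deleted afterwards.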