Accessing the Nomad WebUI with mTLS

Enabling mTLS is a great way to secure access to your Nomad cluster, but doing so breaks the WebUI because the browser now needs to present a client certificate in order to access it. This is obviously what we want, but it’s not obvious how to re-enable access.

Really it’s pretty simple. The important step is converting the PEM-encoded key and certificate into a PKCS#12 bundle that you give to Firefox, or whatever browser you are using, as your user certificate.

openssl pkcs12 -inkey cli.pem -in cli.crt -export -out nomad.pfx

It will ask for an export password, which protects the private key stored inside the .pfx file. You can provide one or just leave it blank.

Next you’ll need to import the .pfx file into Firefox. Open about:preferences and search for "cert", then click View Certificates...

[Screenshot: Firefox certificate configuration button]

In the configuration dialog, click Import... and find the pfx file you generated with OpenSSL.

[Screenshot: Firefox certificate configuration window]

Once your user certificate is imported, open up the Nomad WebUI. Firefox will ask you which certificate to use (you probably only have the one) and voilà, the WebUI is back on the menu.
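The conversion step above can be wrapped in a few sanity checks so that a mismatched key, an expired certificate or a world-readable bundle is caught before the browser import. This is an added example, not part of the original post; the function name make_pfx and the PFX_PASS environment variable are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: checked PEM -> PKCS#12 export for a Nomad client certificate.
# make_pfx and PFX_PASS are names assumed for this sketch.
#
# make_pfx KEY CERT OUT
#   0  bundle written and verified
#   2  PFX_PASS unset, or key/certificate could not be parsed
#   3  key does not belong to the certificate, or certificate has expired
#   4  export or read-back verification failed
make_pfx() {
    key=$1; crt=$2; out=$3
    [ -n "${PFX_PASS:-}" ] || { echo "set PFX_PASS first" >&2; return 2; }
    export PFX_PASS   # openssl reads it through env:PFX_PASS, never from argv

    # Public key derived from the private key, and the one embedded in the cert.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot parse key: $key" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $crt" >&2; return 2; }

    # The two must be identical, otherwise the pair cannot complete a handshake.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "key does not match certificate" >&2; return 3; }

    # An expired client certificate is rejected by the server.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 3; }

    # Export inside a subshell with a tight umask: the bundle holds the private key.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$crt" -out "$out" \
          -passout env:PFX_PASS ) || return 4

    # Read the bundle back and confirm it carries the same certificate key.
    back=$(openssl pkcs12 -in "$out" -passin env:PFX_PASS -nokeys 2>/dev/null |
           openssl x509 -noout -pubkey 2>/dev/null) || return 4
    [ "$back" = "$crt_pub" ] || return 4
    echo "wrote $out"
}

# Stand-alone use: PFX_PASS=... sh make_pfx.sh cli.pem cli.crt nomad.pfx
if [ "$#" -eq 3 ]; then make_pfx "$@"; fi
```

Delete the .pfx file once it has been imported, since the browser keeps its own copy of the key and certificate.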