point out jwks_ca_pem parameter

hashicorp · May 17, 2024 · 74d179d · 74d179d
1 parent f182a6d
commit 74d179d
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/website/content/docs/integrations/vault/acl.mdx b/website/content/docs/integrations/vault/acl.mdx
@@ -295,8 +295,10 @@ your Vault and Nomad clusters are configured and deployed.
 It is highly recommended to use [mutual TLS][tutorial_mtls] in production
 deployments of Nomad. With mTLS enabled, the [`tls.verify_https_client`][]
 configuration must be set to `false` since it is not possible to provide client
-certificates to the Vault auth method. Vault must also be configured to trust
-the CA certificate used to sign Nomad's mTLS certificate.
+certificates to the Vault auth method. Nomad's CA certificate should be
+specified in the Vault auth method's
+[jwks_ca_pem](https://developer.hashicorp.com/vault/api-docs/auth/jwt#jwks_ca_pem)
+parameter.
 
 Alternatively, you may expose Nomad's JWKS URL from a proxy or a load balancer
 that handles the mutual TLS connection to Nomad and exposes the JWKS URL