About MAAS Native TLS
MAAS version 3.2 has built-in TLS support for communicating with the UI and API over HTTPS. This eliminates the need to deploy a separate TLS-terminating reverse-proxy solution in front of MAAS to provide secure access to API and UI.
TLS versions 1.2 and 1.3 are supported by MAAS. For TLSv1.2, the following ciphers are accepted:
- AES256+EECDH
- AES256+EDH
You will need to obtain your own certificates via some provider, e.g., small step↗.
About certificate auto-renewal
At the moment we don’t support automatic certificate renewal, because it depends on the PKI used at the organisation level. We do provide some examples of how to set this up, as long as you understand that these are just gratuitous helps, not supported configurations.
To obtain MAAS native TLS, upgrade to MAAS v3.2 or higher.