TLS cert install location error

I am trying to configure TLS on maas and I am unclear where I should put the certs. I get various permission denied messages on difrent files in the command when ever I run the config-tls. I also get apparmor errors.

edit: The files are owned and readable by root. should it be another user maybe?

commmand I am running.

maas config-tls enable --cacert /tmp/ -p 443 /tmp/ /tmp/

maas config-tls enable --cacert /etc/ssl/certs/ -p 443 /etc/ssl/private/ /etc/ssl/certs/

I have also tried my home dir with the above cmd.

command line error. The specific file denied changes with location.

argument key: can't open '/etc/ssl/private/': [Errno 13] Permission denied: '/etc/ssl/private/'

apparmor error.

Apr  9 14:40:04 maas systemd[1]: Started snap.maas.maas.15bd76f6-3c49-4083-a6bb-a2a548fc93c4.scope.
Apr  9 14:40:06 maas kernel: [80193.070884] audit: type=1400 audit(1681051206.823:10760): apparmor="DENIED" operation="open" profile="snap.maas.maas" name="/etc/ssl/private/" pid=80199 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr  9 14:40:07 maas systemd[1]: snap.maas.maas.15bd76f6-3c49-4083-a6bb-a2a548fc93c4.scope: Succeeded.

maas version installed from snap. Installed on fresh Ubuntu 20.04.6 LTS instance.

Name  Version                  Rev    Tracking    Publisher   Notes
maas  3.3.1-13169-g.94920eb1e  26658  3.3/stable  canonicalâś“  -

Hello @mindcloud

If you’re using the snap, the certificate and key must be placed in a directory that snap can read. I would suggest to try /var/snap/maas/common

1 Like

That worked thank you.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.