TLS/SSL Interception

I have no choice but to live behind an SSL/TLS interception/inspection solution at work. I have the certificates to trust to get everything to work, but I’m running into problems.

If I try to bootstrap via juju, I run into errors. I am not finding a good way to add the certs to the juju command, so I’m wondering if I need to provision the certs in maas, and if so, how to do that.

What I’d like is to integrate the certs I need to trust into the MAAS install and Ubuntu images before I even get to the juju commands. If anyone has any experience with this type of thing, I’d appreciate a shove in the correct direction.

Hi @johnnybinator, this may be of some help to you https://maas.io/docs/snap/2.9/ui/configuring-tls-encryption. MAAS does not support TLS natively, but you can run it behind a reverse proxy that does. This will terminate TLS for you in between juju and MAAS.

I’m not sure I understand how this will help my problem. I’m connecting to maas just fine, the problem I have is that the juju command and any config I try to run with it doesn’t allow for the TLS interception on my network. This is the connection from the machine I’m using to run juju to the internet, to pull down the parts needed for whatever one is trying to install…like kubernetes, etc.

If I’m wrong, I’m happy to try to understand better, as I am still stuck in this spot.

Ah, so this is a MAAS-managed server that you wish to add trusted certs to? In that case, you can add the TLS certs to a machine as part of its cloud-init user-data: https://maas.io/docs/snap/2.9/ui/custom-machine-setup#heading--cloud-init. I would also recommend asking on the Juju discourse, https://discourse.charmhub.io/, to confirm how to configure Juju for this scenario.
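
The cloud-init approach suggested in the last reply, as an added example that is not part of any post in this thread: a shell function that turns a PEM bundle of the interception CA certificates into `#cloud-config` user-data using cloud-init's `ca_certs` module. The function name `make_ca_userdata` and the sample bundle are constructed for illustration; older cloud-init releases spell the key `ca-certs`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from MAAS or Juju):
# print cloud-init user-data that trusts every certificate in a PEM bundle.
make_ca_userdata() {
    bundle="$1"
    # A wrong path or empty file must not silently produce an empty trust list.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle" || {
        echo "no PEM certificate found in $bundle" >&2
        return 1
    }
    # User-data is readable on the deployed machine: never ship key material in it.
    if grep -q -- 'PRIVATE KEY-----' "$bundle"; then
        echo "refusing: $bundle contains a private key" >&2
        return 1
    fi
    printf '#cloud-config\nca_certs:\n  trusted:\n'
    # One YAML list item (literal block scalar) per certificate; CRs are stripped
    # so bundles exported on Windows still parse.
    awk '
        /-----BEGIN CERTIFICATE-----/ { print "    - |"; inside = 1 }
        inside { sub(/\r$/, ""); print "      " $0 }
        /-----END CERTIFICATE-----/ { inside = 0 }
    ' "$bundle"
}

# Constructed sample: placeholder bodies standing in for the proxy's
# root and intermediate CA certificates (not real certificates).
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN CERTIFICATE-----
PLACEHOLDERrootCAbase64
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERintermediateCAbase64
-----END CERTIFICATE-----
EOF
make_ca_userdata "$sample"
```

The output is supplied as the machine's cloud-init user-data at deploy time, as the linked MAAS page describes. It covers only the trust store on MAAS-deployed machines; trust on the machine that runs the juju client is a separate matter.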