The config-tls
command manages TLS settings in MAAS, enabling secure communication between clients and the MAAS server.
Usage
-
Enable TLS:
sudo maas config-tls enable <private_key> <certificate> [--cacert <ca_certificate>] [-p <port>]
<private_key>
: Path to the private key.<certificate>
: Path to the X.509 certificate.--cacert <ca_certificate>
(optional): Path to the CA certificate.-p <port>
(optional): Port for HTTPS (default: 5240).
Example:
sudo maas config-tls enable /etc/ssl/private/maas.key /etc/ssl/certs/maas.crt -p 5240
-
Disable TLS:
sudo maas config-tls disable
Switches MAAS back to HTTP mode.
-
Renew certificates:
sudo maas config-tls enable <new_private_key> <new_certificate>
Updates TLS with new credentials.
Considerations
- Root privileges required (
sudo
). - HSTS enforced upon TLS enablement (
max-age=86400s
). - Port configuration defaults to 5240 but can be changed with
-p
.
Using config-tls
to secure MAAS follows security best practices.
Last updated 12 hours ago.