TLS

The config-tls command manages TLS settings in MAAS, enabling secure communication between clients and the MAAS server.

Usage

  • Enable TLS:

    sudo maas config-tls enable <private_key> <certificate> [--cacert <ca_certificate>] [-p <port>]
    • <private_key>: Path to the private key.
    • <certificate>: Path to the X.509 certificate.
    • --cacert <ca_certificate> (optional): Path to the CA certificate.
    • -p <port> (optional): Port for HTTPS (default: 5240).

    Example:

    sudo maas config-tls enable /etc/ssl/private/maas.key /etc/ssl/certs/maas.crt -p 5240

  • Disable TLS:

    sudo maas config-tls disable

    Switches MAAS back to HTTP mode.

  • Renew certificates:

    sudo maas config-tls enable <new_private_key> <new_certificate>

    Updates TLS with new credentials.

Considerations

  • Root privileges required (sudo).
  • HSTS enforced upon TLS enablement (max-age=86400s).
  • Port configuration defaults to 5240 but can be changed with -p.

Using config-tls to secure MAAS follows security best practices.

Last updated 7 hours ago.

Help improve this document in the forum.