[strongSwan] Can't load certificates and keys via symlink
simon.deziel at gmail.com
Mon Feb 13 20:41:57 CET 2017
Am 10.02.2017 um 00:22 schrieb Jose Novacho:
> if I replace the symbolic link with the actual file fullchain1.pem
> everything works as expected.
> I have also replaced the link, so it points at the
> /etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But
> that didn't help either. I'm still getting permission denied on the
> cert file.
On Ubuntu, the charon process is confined by Apparmor and its profile
[*] doesn't let it read files from random locations on the filesystem.
If you put the various .pem under their dedicated directories under
/etc/ipsec.d/ Apparmor will let charon access them.
*: see /etc/apparmor.d/usr.lib.ipsec.charon
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Users