[strongSwan] Can't load certificates and keys via symlink

Simon Deziel simon.deziel at gmail.com
Mon Feb 13 20:41:57 CET 2017


Am 10.02.2017 um 00:22 schrieb Jose Novacho:
> 
> if I replace the symbolic link with the actual file fullchain1.pem
> everything works as expected.
> 
> I have also replaced the link, so it points at the
> /etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But
> that didn't help either. I'm still getting permission denied on the
> cert file.

On Ubuntu, the charon process is confined by Apparmor and its profile
[*] doesn't let it read files from random locations on the filesystem.
If you put the various .pem under their dedicated directories under
/etc/ipsec.d/ Apparmor will let charon access them.

HTH,
Simon

*: see /etc/apparmor.d/usr.lib.ipsec.charon

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170213/ed520757/attachment.sig>


More information about the Users mailing list