Add custom CA to snap or trusted store

Hello all,

In order for apps to access the internet, a CA from the central firewall is required. This is necessary because no internet access is possible without SSL inspection. I learned that snaps do not have access to the central certificate store of the system (Ubuntu 24.04) under /etc/ssl/certs. So I tried a few things to make a CA accessible to the snaps.

sudo snap set discord store-certs.cert2="$(cat /usr/local/share/ca-certificates/fortinet-deepinspection.crt)"

In journalctl I get this message:

audit: type=1400 audit(1726322308.681:281): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=1766259 comm="snap-confine" capability=12  capname="net_admin"
audit: type=1400 audit(1726322308.681:282): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=1766259 comm="snap-confine" capability=38  capname="perfmon"
audit: type=1400 audit(1726322308.831:283): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="snap-update-ns.discord" name="/boot/" pid=1766279 comm="6" srcname="/var/lib/snapd/hostfs/boot/" flags="rw, bind"

or this one:

snap set system tls-cert-path=/etc/ssl/certs
Fehler: cannot perform the following tasks:
- Den Konfigurationshook von Snap "core" ausführen (run hook "configure": cannot set "core.tls-cert-path": unsupported system option)

or with this one → there is no error message:

snap set discord tls-cert-path=/etc/ssl/certs

No matter what I do, Discord won’t come online. Discord is just an example, of course. Can anyone help me with this? Is there any way to implement a custom CA?

Many thanks :slight_smile: