Ubuntu-Core OpenSSL certificate authority creation


Im following this tutorial https://help.ubuntu.com/lts/serverguide/certificates-and-security.html#creating-a-self-signed-certificate this works fine in ubuntu 18 but not in ubuntu-core 18.

Im trying to create a CA to sign certs for etcd cluster but receive error cannot create directory read only file system.

user@core-1:~$ sudo mkdir /etc/ssl/CA
mkdir: cannot create directory ‘/etc/ssl/CA’: Read-only file system

Question: Where should the CA be created or how should it be created ?


this is discussed in


so its not possible ?


it is possible on application level … i.e. you can ship your own libssl and certificates inside app snaps (or even have a content snap that shares libssl and the certs to all your apps) … but to my knowledge it is still not possible on a system level …


It is still not possible on a system level, but we discussed possibly fixing this issue and related ones next cycle (i.e. 20.04 or 20.10 timeframe)


@ogra @ijohnson thank you for reply