Facing issue with TLS Setup

I have tried following TLS Link to set up a TLS-based setup. But whenever I configure TLS-related configs in foundationdb.conf, the following error is displayed in the status of the foundationdb service:

LogGroup="default" Process="fdbserver.4500": Error: File could not be read
Jun 18 19:32:32 aximsoft-Lenovo-B51-80 fdbmonitor[12064]: LogGroup="default" Process="fdbserver.4500": Process 12103 exited 10, restarting in 0 seconds

My setup details

Cluster File

dg4oKUbk:27624DC1@127.0.0.1:4500:tls

Foundationdb.conf File

[fdbmonitor]
user = foundationdb
group = foundationdb

[general]
restart_delay = 60
cluster_file = /etc/foundationdb/fdb.cluster

[fdbserver]
command = /usr/sbin/fdbserver
public_address = auto:$ID:tls
listen_address = public
datadir = /var/lib/foundationdb/data/$ID
logdir = /var/log/foundationdb
tls_certificate_file=/root/certs/fdb.pem
tls_key_file=/root/certs/private.key
#tls_verify_peers=Check.Valid=0
tls_ca_file = /root/certs/cert.crt

[fdbserver.4500]

It's working when I manually run the fdbserver process with command-line options. But I face the issue only when I run it as the foundationdb service.

Can you paste us the output of ls -l /root/certs/private.key /root/certs/fdb.pem ?

I’m going to bet that your keys are only readable by root, and the FoundationDB service is run as foundationdb, so it can no longer read your keys.

@alexmiller, read access is there for all users. Please check the file permissions as follows:

$ ls -l /root/certs/private.key /root/certs/fdb.pem
-rw-r--r-- 1 root root 2933 Jun 18 17:09 /root/certs/fdb.pem
-rw-r--r-- 1 root root 1704 Jun 18 17:08 /root/certs/private.key

I will cross-verify the certificate permissions by creating new certs.

@sakthivelpvs Please check whether the directory /root/certs also has the same permission as the file.


@senthil It's working now. The issue was with the root folder permission. Thanks.
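The cause found in this thread was a parent directory without search permission for the service user, even though the files themselves were world-readable. The following is an added example, not part of the original posts: a shell function (the name `blockers` is hypothetical) that lists every component of a path that a given uid cannot use. It assumes plain owner/group/other mode bits only; ACLs and capabilities are not modelled.

```shell
#!/bin/sh
# Added example, not from the thread. Prints each path component that the
# given uid cannot use: the file needs read (r), every ancestor directory
# needs search (x). Only owner/group/other mode bits are considered.
#
# Usage (as root, so every component can be inspected):
#   blockers "$(id -u foundationdb)" "$(id -G foundationdb)" /root/certs/private.key
blockers() {
    uid=$1 gids=$2 path=$3 need=r rc=0
    if [ "$uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    while :; do
        # -n numeric ids, -d the entry itself, -L follow symlinks
        info=$(ls -Ldn "$path") || return 2
        set -- $info
        mode=$1 owner=$3 group=$4
        # Exactly one permission class applies: owner, else group, else other.
        if [ "$owner" -eq "$uid" ]; then
            off=2
        else
            off=8
            for g in $gids; do
                if [ "$g" -eq "$group" ]; then off=5; fi
            done
        fi
        bits=$(printf '%s' "$mode" | cut -c "$off-$((off + 2))")
        case $need in
            r) case $bits in r??) ;; *) echo "$path"; rc=1 ;; esac ;;
            # s and t are setuid/setgid/sticky shown together with x
            x) case $bits in ??[xst]) ;; *) echo "$path"; rc=1 ;; esac ;;
        esac
        if [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
        need=x
    done
    return $rc
}
```

An empty result with exit status 0 means the mode bits allow that uid to reach and read the file; each printed line is a component to fix.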