startssl certs and pve4

R

RobFantini

Famous Member
May 24, 2012
2,084
117
133
Boston,Mass
Hello

for pve3 we used this:
Code: 
/bin/mv /etc/pve/pve-root-ca.pem   /etc/pve/pve-root-ca.pem.orig
/bin/mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
/bin/mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig

/bin/cp sub.class2.server.ca.pem /etc/pve/pve-root-ca.pem
/bin/cp fbc-decrypted.key /etc/pve/local/pve-ssl.key
/bin/cp fbc.crt /etc/pve/local/pve-ssl.pem

service pveproxy restart
service pvedaemon restart

in pve4 that does not work.

syslog shows
Code: 
ec 20 08:38:33 sys5 pveproxy[11686]: problem with client 10.1.25.56; rsa_eay_public_decrypt: data too large for modulus
Dec 20 08:38:33 sys5 pveproxy[11686]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.
Dec 20 08:38:33 sys5 pveproxy[11685]: problem with client 10.1.25.56; rsa_eay_public_decrypt: data too large for modulus


is there a way to use our certs with pve4?
 
For the cluster it's "nothing more" than a restart of the pve-manager services (pvedaemon, pveproxy, pvestatd).

It really shouldn't break the cluster, but consider doing it when the cluster is "idle" so no migrations or such stuff are happening. :)
 
You must log in or register to reply here.
Top Bottom