Question regarding SSL in Proxmox cluster

T

ThierryIT69

Member
Mar 28, 2024
32
4
8
Hello,
I have a cluster of three nodes.
All nodes are updated to the same version 9.1.6.
I have done an SSL certif (self-signed) available for more than one IP using the "extfile.cnf".
This certif has been uploaded to all three nodes without any pb.
The ca.pem has been uploaded to my Windows 11 pc but when looging to my proxmox cluster I am still not able to be connected in HTTPS ...
What did I missed ?
Thx
 
Last edited:
Depending on the browser, you may need to import it into the browsers CA store, have you done that?
What about intermediate certificates?
 
@ThierryIT69
though you haven't written precisely where (which store) you have imported those to, it seems you haven't done it correctly, because noone should ever import a private key of a CA into a "client" machine.
 
Onslow said:
because noone should ever import a private key of a CA into a "client" machine.
Click to expand...
YES! Unless you import the public key, it cannot verify it. I wasn't aware that you actually can import a private key into a CA store ... I never tried something like that. I hope it does not work and OP has just misunderstood.
 
Code: 
Import-Certificate -FilePath "C:\Users\user\Downloads\ca.pem" -CertStoreLocation Cert:\LocalMachine\Root

How I have imported it.
When checking the certificate management, I can see my certificate in "Local computer/authority/CA of trust" .... Sorry if strange, my pc in not in english ... I had to translate :)
 
Last edited:
Any reason why you can't use acme with letsencrypt or some other provider of free ssl certificates? This saves you the hassle of dealing with adding self-signed certificates
 
ThierryIT69 said:
Code: 
Import-Certificate -FilePath "C:\Users\user\Downloads\ca.pem" -CertStoreLocation Cert:\LocalMachine\Root

How I have imported it.
When checking the certificate management, I can see my certificate in "Local computer/authority/CA of trust" .... Sorry if strange, my pc in not in english ... I had to translate :)
Click to expand...
Okay, so you connect with Edge or any other browser that uses the OS certificate store?
 
You must log in or register to reply here.
Top Bottom
Back