CAcert server certificate with Proxmox v4

Marc Ballat

Well-Known Member
Dec 28, 2015
33
3
48
55
Hi,

first a quick commercial question. I'd like to buy a subscription but don't know how many CPUs my dedicated server has. Here is what I read on the summary of the proxmox home page.
CPU(s)
8 x Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz (1 Socket)
Is it 1 CPU with 8 cores or 8 CPUs ?

Now the real one : how can I get my CAcert server certificate to work with my proxmox ? Yes, I read the how-to and no, it does not work. Here is a description.

As far as I can remember, this server had originally been set up with Proxmox v2 or v3 by a friend and I upgraded it to v4 (running on Debian jessie) when I took it over from him. It has been happily running with the self signed certificates but for some stupid reason, I wanted to use a trusted certificate. So I registered with CAcert and generated my own server certificate. As you can guess, I have only one node for the time beeing.

I downloaded the level 1 root certificate as well as the level 3 intermediate certificate and put them both in one file (/usr/share/ca-certificates/cacert/cacert.crt). I then ran the following :
Code:
# dpkg-reconfigure ca-certificates
# ls -al /etc/ssl/certs |grep cacert
lrwxrwxrwx 1 root root     10 Dec 31 11:33 5ed36f99.0 -> cacert.pem
lrwxrwxrwx 1 root root     10 Dec 31 11:33 99d0fa06.0 -> cacert.pem
lrwxrwxrwx 1 root root     44 Dec 31 11:33 cacert.pem -> /usr/share/ca-certificates/cacert/cacert.crt

It seems to be ok for OpenSSL as I can run the following (note that the server certificate from CA is saved in a file that does not interfere with Proxmox) :
Code:
# openssl verify -verbose -x509_strict -CApath /etc/ssl/certs /etc/pve/local/pve-ssl.cacert.pem
/etc/pve/local/pve-ssl.cacert.pem: OK

But if I try to replace /etc/pve/local/pve-ssl.pem generated by Proxmox with my server certificate from CAcert, there is no way I can connect to the Proxmox server on https://proxmox.mydomain.com:8006.

It is by no means urgent as I can live with a self-signed certificate and the warning in the browser. Moreover it is new year's eve and I hope to find a nice place to eat with my wife. But if anybody can help tomorrow or the day after, it would be welcome :)

Marc
 
first a quick commercial question. I'd like to buy a subscription but don't know how many CPUs my dedicated server has. Here is what I read on the summary of the proxmox home page.
CPU(s)
8 x Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz (1 Socket)
Is it 1 CPU with 8 cores or 8 CPUs ?

This is 1 CPU
 
  • Like
Reactions: fireon

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!