Hi,
first a quick commercial question. I'd like to buy a subscription but don't know how many CPUs my dedicated server has. Here is what I read on the summary of the proxmox home page.
CPU(s)
8 x Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz (1 Socket)
Is it 1 CPU with 8 cores or 8 CPUs ?
Now the real one : how can I get my CAcert server certificate to work with my proxmox ? Yes, I read the how-to and no, it does not work. Here is a description.
As far as I can remember, this server had originally been set up with Proxmox v2 or v3 by a friend and I upgraded it to v4 (running on Debian jessie) when I took it over from him. It has been happily running with the self signed certificates but for some stupid reason, I wanted to use a trusted certificate. So I registered with CAcert and generated my own server certificate. As you can guess, I have only one node for the time beeing.
I downloaded the level 1 root certificate as well as the level 3 intermediate certificate and put them both in one file (/usr/share/ca-certificates/cacert/cacert.crt). I then ran the following :
It seems to be ok for OpenSSL as I can run the following (note that the server certificate from CA is saved in a file that does not interfere with Proxmox) :
But if I try to replace /etc/pve/local/pve-ssl.pem generated by Proxmox with my server certificate from CAcert, there is no way I can connect to the Proxmox server on https://proxmox.mydomain.com:8006.
It is by no means urgent as I can live with a self-signed certificate and the warning in the browser. Moreover it is new year's eve and I hope to find a nice place to eat with my wife. But if anybody can help tomorrow or the day after, it would be welcome
Marc
first a quick commercial question. I'd like to buy a subscription but don't know how many CPUs my dedicated server has. Here is what I read on the summary of the proxmox home page.
CPU(s)
8 x Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz (1 Socket)
Is it 1 CPU with 8 cores or 8 CPUs ?
Now the real one : how can I get my CAcert server certificate to work with my proxmox ? Yes, I read the how-to and no, it does not work. Here is a description.
As far as I can remember, this server had originally been set up with Proxmox v2 or v3 by a friend and I upgraded it to v4 (running on Debian jessie) when I took it over from him. It has been happily running with the self signed certificates but for some stupid reason, I wanted to use a trusted certificate. So I registered with CAcert and generated my own server certificate. As you can guess, I have only one node for the time beeing.
I downloaded the level 1 root certificate as well as the level 3 intermediate certificate and put them both in one file (/usr/share/ca-certificates/cacert/cacert.crt). I then ran the following :
Code:
# dpkg-reconfigure ca-certificates
# ls -al /etc/ssl/certs |grep cacert
lrwxrwxrwx 1 root root 10 Dec 31 11:33 5ed36f99.0 -> cacert.pem
lrwxrwxrwx 1 root root 10 Dec 31 11:33 99d0fa06.0 -> cacert.pem
lrwxrwxrwx 1 root root 44 Dec 31 11:33 cacert.pem -> /usr/share/ca-certificates/cacert/cacert.crtIt seems to be ok for OpenSSL as I can run the following (note that the server certificate from CA is saved in a file that does not interfere with Proxmox) :
Code:
# openssl verify -verbose -x509_strict -CApath /etc/ssl/certs /etc/pve/local/pve-ssl.cacert.pem
/etc/pve/local/pve-ssl.cacert.pem: OKBut if I try to replace /etc/pve/local/pve-ssl.pem generated by Proxmox with my server certificate from CAcert, there is no way I can connect to the Proxmox server on https://proxmox.mydomain.com:8006.
It is by no means urgent as I can live with a self-signed certificate and the warning in the browser. Moreover it is new year's eve and I hope to find a nice place to eat with my wife. But if anybody can help tomorrow or the day after, it would be welcome
Marc
