Install own certificates

H

hpcraith

Renowned Member
Proxmox Subscriber
Mar 8, 2013
84
0
71
Stuttgart Germany
www.hlrs.de
I did the following to install my own certificates:

cp /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.orig
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig

cp HLRSCA.crt /etc/pve/pve-root-ca.pem
cp vwsrv1.key /etc/pve/local/pve-ssl.key
cp vwsrv1.pem /etc/pve/local/pve-ssl.pem

service pveproxy restart
service pvedaemon restart

Result: The web interface does not work anymore
Next I followed the suggestion in:
https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)

Revert to default configuration
If you have used the previous HowTo and replaced any of the certificate or key files generated by PVE, you need to revert to the default state before proceeding.

Delete or move the following files:

  • /etc/pve/pve-root-ca.pem
  • /etc/pve/priv/pve-root-ca.key
  • /etc/pve/nodes/<node>/pve-ssl.pem
  • /etc/pve/nodes/<node>/pve-ssl.key
The latter two need to be repeated for all nodes if you have a cluster.

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:

pvecm updatecerts -f

Result: The web interface does not work either!

root@prox5test:/etc/pve# pveversion
pve-manager/5.2-9/4b30e8f9 (running kernel: 4.15.18-7-pve)
root@prox5test:/etc/pve#

Luckily I did it on a test proxmox server!

What is the problem?

Rgds
Dieter
 
Hi there,

There is no where in that guide that talks about automating custom certs. I doubt anyone wants to upload their custom cert every three months like a chump HAHA
 
1liminal1 said:
Hi there,

There is no where in that guide that talks about automating custom certs. I doubt anyone wants to upload their custom cert every three months like a chump HAHA
Click to expand...
since the certificates are just files sitting in a directory i don't see any problems automating this?
also since the uploading can be done via the api (e.g. with curl or similar) this should also be easy to automate?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom