Issues with certificates

F

Fauch

Member
Oct 23, 2020
4
0
6
42
Today I upgraded to Proxmox 7 and noticed my certificates were expired. I built these certificates myself with easy-rsa and had no problems installing them last time.
However, after issuing new certs and uploading them, pveproxy stopped working with journalctl -xy giving:


/etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1891.

This is then fixable by deleting the certificates (rm pveproxy-ssl.key pveproxy-ssl.pem) and restarting pveproxy.

I tested and made sure that
a) my private key has no password
b) my private key is 4096 bit long.

Since there is no real "security" involved and this is just a home installation, accessible from nowhere, I attached my key file and crt file for your convenience.

Code: 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:9a:5f:cf:2a:fd:a5:49:2d:4b:dd:80:06:8f:ad:d8
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=DE, ST=BY, L=WB, O=fauch.net, OU=msc-dev, CN=ROOT-CA-FAUCH/emailAddress=bogus@icloud.com
        Validity
            Not Before: Aug 22 07:02:54 2021 GMT
            Not After : Aug  1 07:02:54 2025 GMT
        Subject: C=DE, ST=BY, L=FU, O=akaritech.com, OU=msc-dev, CN=pve.brave-vesperia.com/emailAddress=bogus@icloud.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:bb:12:af:19:0d:4a:a5:88:65:0b:f9:8b:c4:6b:
                    52:0a:29:bb:19:7d:20:b1:3b:4d:7d:eb:34:45:63:
                    8f:d4:46:86:92:7e:db:ed:61:7e:0e:a5:f2:05:38:
                    1a:5f:18:3b:9a:bb:0b:cc:bf:cb:4b:40:f9:63:93:
                    37:7c:0e:4c:fb:a1:8d:1b:a5:1b:a3:6d:a3:5d:f1:
                    51:4d:e6:5b:33:14:ed:76:a5:91:7b:27:1e:8f:34:
                    25:9b:06:a8:bf:d0:8d:f7:cc:d7:e6:46:54:d8:2c:
                    bd:b9:a6:29:16:8c:a3:47:b0:60:31:ed:fd:73:ea:
                    bb:ee:08:f4:b4:40:26:25:87:6b:8a:59:c1:a9:62:
                    7c:03:00:74:8a:29:8f:19:ac:e7:d4:9e:65:8f:73:
                    52:7b:ee:5c:3c:ce:bf:a2:c4:6d:6c:1f:e8:e9:3e:
                    b1:6e:77:96:11:3c:cd:50:d2:a6:c4:a7:13:ed:a3:
                    77:08:54:f8:d9:13:74:21:2a:1a:61:94:ed:39:2a:
                    5c:1d:60:5c:a9:6d:55:8c:41:6e:7e:70:5f:a4:65:
                    8f:5e:d6:d9:63:8c:f9:4b:40:e6:b7:65:00:06:f3:
                    c5:07:64:5a:32:c9:f1:57:af:d8:31:7b:e3:76:5e:
                    59:b9:45:11:f4:f7:16:5e:a5:7c:46:36:13:8a:8b:
                    56:92:59:82:54:ce:72:b6:10:51:0e:e4:f5:fd:78:
                    6d:3c:bc:b9:77:94:4d:5f:31:9b:89:37:3a:72:9f:
                    a8:92:83:19:fa:bb:5a:89:e8:52:74:46:aa:0a:10:
                    39:a3:85:b0:2f:c6:31:2a:f7:ef:5b:1a:97:87:c4:
                    e0:8d:ec:f9:c1:6d:fb:f1:cb:0d:60:05:37:34:f7:
                    50:01:1b:96:09:04:65:d0:df:6c:cc:c1:28:ec:e4:
                    c5:5a:ed:64:9e:6a:7d:9b:0f:9c:bf:bf:a1:cc:a4:
                    3d:7b:8c:b0:79:79:1e:90:2f:89:9d:a9:62:a3:36:
                    95:5d:32:30:5f:70:cb:f3:d1:61:14:72:ec:3a:ab:
                    e7:97:85:50:c5:2d:2a:21:49:9d:3a:ad:71:99:5f:
                    07:56:9f:c7:41:15:af:9c:8f:d8:33:ba:ae:87:6f:
                    99:96:b6:78:61:40:c9:ff:a9:9c:b4:d2:22:fb:d9:
                    cb:30:3d:d9:00:e9:25:cf:cd:2a:bc:26:05:c1:db:
                    2f:da:9c:d7:fb:33:8f:df:f2:8f:f0:bc:95:00:bb:
                    f5:70:ad:8f:05:f2:d6:b2:19:9b:fe:26:41:37:73:
                    b2:5c:14:e1:34:43:e8:b0:e9:b5:7f:64:5a:48:26:
                    a9:c1:86:d7:0e:2e:b5:c2:85:01:1e:4b:6c:a3:c3:
                    c3:4e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                AC:68:22:AF:C0:B0:CA:CF:9E:92:94:CC:13:84:B0:47:91:9A:09:CD
            X509v3 Authority Key Identifier:
                keyid:C2:6F:EC:80:34:8E:85:78:DC:35:1B:D4:61:BD:63:D9:82:D2:CB:AA
                DirName:/C=DE/ST=BY/L=WB/O=fauch.net/OU=msc-dev/CN=ROOT-CA-FAUCH/emailAddress=martinschmid82@icloud.com
                serial:88:D2:69:7D:AF:3E:4B:D5

            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:pve.brave-vesperia.com
    Signature Algorithm: sha384WithRSAEncryption
         58:02:22:55:0b:f5:70:53:6a:95:c6:13:46:63:8e:aa:58:43:
         3e:b2:49:06:06:70:b7:46:8f:77:e3:d3:63:5f:7e:c8:33:73:
         ae:9e:4c:fd:1c:13:8b:77:63:d7:f4:5b:eb:0b:66:62:c7:2f:
         b1:a0:84:33:a3:e9:66:e4:2f:af:e3:eb:d8:61:31:2a:75:be:
         c0:02:cf:b0:04:71:d4:b4:4e:e1:c5:7e:8a:00:1a:31:ca:f3:
         77:1e:ab:48:37:db:af:74:2e:e4:85:3c:44:47:37:13:c6:f0:
         05:91:40:d0:a0:64:0d:e4:81:d5:12:85:dc:ad:b0:59:6d:52:
         01:a7:ea:49:45:60:14:7a:a5:d9:d2:d5:88:78:6d:02:1d:84:
         91:cc:0a:79:b2:c1:2d:45:b8:74:94:11:06:23:3b:8f:23:c8:
         d0:49:3c:0b:3b:9d:e1:a2:9d:c6:71:d5:3b:06:35:d2:00:b4:
         ee:b2:b5:f7:e2:a5:70:ad:52:ce:20:c6:de:e2:7d:e1:22:43:
         69:c7:8b:ee:c7:26:fe:0a:2c:61:98:96:55:ff:e0:a6:4b:78:
         d8:d4:cc:c7:8d:c8:6c:6f:64:a7:59:62:b1:17:4e:bf:02:f3:
         24:b8:fd:50:4d:2c:d0:24:85:e8:b9:b8:3b:43:59:2e:66:14:
         9e:5e:e5:57:27:c7:65:e8:57:51:9f:8a:a3:66:eb:92:3f:de:
         de:52:e9:41:23:be:18:2d:5e:ce:04:08:c3:b5:e4:63:fc:de:
         e7:cf:8d:52:86:d4:ae:08:7b:1c:ba:bf:f5:50:a4:51:36:40:
         c0:52:2d:04:5d:d4:02:1b:42:1d:14:df:0e:59:b6:99:b6:cd:
         2f:99:a8:a2:99:0e:18:f7:1b:f2:a8:d0:36:d3:49:f4:99:f2:
         3f:02:24:ad:f6:e0:b4:2d:23:cb:9a:f9:28:a7:d9:69:e7:5d:
         01:13:35:32:73:63:27:a1:8b:a0:3d:57:2c:95:db:cb:c7:09:
         1a:bd:9d:82:a3:ea:2d:ae:79:0b:1d:2f:14:9c:19:c4:af:a5:
         49:a7:f9:5f:8f:6d:3d:b5:9c:ca:49:28:2b:bd:06:33:e1:f5:
         70:eb:eb:40:5e:fc:da:58:e3:ad:c2:27:37:11:0f:f4:16:9d:
         32:6d:3e:fa:49:e5:f9:23:ce:7b:4b:b7:fe:99:c7:ad:b7:9a:
         34:e5:e3:ca:15:01:d9:b3:dc:bf:8d:ae:b7:fd:46:a1:35:b6:
         b4:bd:45:aa:c3:a4:98:ab:a2:c9:70:52:e4:32:61:be:6a:c8:
         ff:4c:7d:8a:72:93:ea:22:88:88:38:4e:13:f3:74:1b:7e:cf:
         45:07:9d:b3:e7:56:ea:30
-----BEGIN CERTIFICATE-----
MIIG8zCCBNugAwIBAgIQKJpfzyr9pUktS92ABo+t2DANBgkqhkiG9w0BAQwFADCB
jzELMAkGA1UEBhMCREUxCzAJBgNVBAgMAkJZMQswCQYDVQQHDAJXQjESMBAGA1UE
CgwJZmF1Y2gubmV0MRAwDgYDVQQLDAdtc2MtZGV2MRYwFAYDVQQDDA1ST09ULUNB
LUZBVUNIMSgwJgYJKoZIhvcNAQkBFhltYXJ0aW5zY2htaWQ4MkBpY2xvdWQuY29t
MB4XDTIxMDgyMjA3MDI1NFoXDTI1MDgwMTA3MDI1NFowgZwxCzAJBgNVBAYTAkRF
MQswCQYDVQQIDAJCWTELMAkGA1UEBwwCRlUxFjAUBgNVBAoMDWFrYXJpdGVjaC5j
b20xEDAOBgNVBAsMB21zYy1kZXYxHzAdBgNVBAMMFnB2ZS5icmF2ZS12ZXNwZXJp
YS5jb20xKDAmBgkqhkiG9w0BCQEWGW1hcnRpbnNjaG1pZDgyQGljbG91ZC5jb20w
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7Eq8ZDUqliGUL+YvEa1IK
KbsZfSCxO0196zRFY4/URoaSftvtYX4OpfIFOBpfGDuauwvMv8tLQPljkzd8Dkz7
oY0bpRujbaNd8VFN5lszFO12pZF7Jx6PNCWbBqi/0I33zNfmRlTYLL25pikWjKNH
sGAx7f1z6rvuCPS0QCYlh2uKWcGpYnwDAHSKKY8ZrOfUnmWPc1J77lw8zr+ixG1s
H+jpPrFud5YRPM1Q0qbEpxPto3cIVPjZE3QhKhphlO05KlwdYFypbVWMQW5+cF+k
ZY9e1tljjPlLQOa3ZQAG88UHZFoyyfFXr9gxe+N2Xlm5RRH09xZepXxGNhOKi1aS
WYJUznK2EFEO5PX9eG08vLl3lE1fMZuJNzpyn6iSgxn6u1qJ6FJ0RqoKEDmjhbAv
xjEq9+9bGpeHxOCN7PnBbfvxyw1gBTc091ABG5YJBGXQ32zMwSjs5MVa7WSean2b
D5y/v6HMpD17jLB5eR6QL4mdqWKjNpVdMjBfcMvz0WEUcuw6q+eXhVDFLSohSZ06
rXGZXwdWn8dBFa+cj9gzuq6Hb5mWtnhhQMn/qZy00iL72cswPdkA6SXPzSq8JgXB
2y/anNf7M4/f8o/wvJUAu/VwrY8F8tayGZv+JkE3c7JcFOE0Q+iw6bV/ZFpIJqnB
htcOLrXChQEeS2yjw8NOwwIDAQABo4IBOjCCATYwCQYDVR0TBAIwADAdBgNVHQ4E
FgQUrGgir8Cwys+ekpTME4SwR5GaCc0wgcQGA1UdIwSBvDCBuYAUwm/sgDSOhXjc
NRvUYb1j2YLSy6qhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQswCQYDVQQIDAJCWTEL
MAkGA1UEBwwCV0IxEjAQBgNVBAoMCWZhdWNoLm5ldDEQMA4GA1UECwwHbXNjLWRl
djEWMBQGA1UEAwwNUk9PVC1DQS1GQVVDSDEoMCYGCSqGSIb3DQEJARYZbWFydGlu
c2NobWlkODJAaWNsb3VkLmNvbYIJAIjSaX2vPkvVMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMAsGA1UdDwQEAwIFoDAhBgNVHREEGjAYghZwdmUuYnJhdmUtdmVzcGVyaWEu
Y29tMA0GCSqGSIb3DQEBDAUAA4ICAQBYAiJVC/VwU2qVxhNGY46qWEM+skkGBnC3
Ro9349NjX37IM3Ounkz9HBOLd2PX9FvrC2Zixy+xoIQzo+lm5C+v4+vYYTEqdb7A
As+wBHHUtE7hxX6KABoxyvN3HqtIN9uvdC7khTxERzcTxvAFkUDQoGQN5IHVEoXc
rbBZbVIBp+pJRWAUeqXZ0tWIeG0CHYSRzAp5ssEtRbh0lBEGIzuPI8jQSTwLO53h
op3GcdU7BjXSALTusrX34qVwrVLOIMbe4n3hIkNpx4vuxyb+CixhmJZV/+CmS3jY
1MzHjchsb2SnWWKxF06/AvMkuP1QTSzQJIXoubg7Q1kuZhSeXuVXJ8dl6FdRn4qj
ZuuSP97eUulBI74YLV7OBAjDteRj/N7nz41ShtSuCHscur/1UKRRNkDAUi0EXdQC
G0IdFN8OWbaZts0vmaiimQ4Y9xvyqNA200n0mfI/AiSt9uC0LSPLmvkop9lp510B
EzUyc2MnoYugPVcsldvLxwkavZ2Co+otrnkLHS8UnBnEr6VJp/lfj209tZzKSSgr
vQYz4fVw6+tAXvzaWOOtwic3EQ/0Fp0ybT76SeX5I857S7f+mcett5o05ePKFQHZ
s9y/ja63/UahNba0vUWqw6SYq6LJcFLkMmG+asj/TH2KcpPqIoiIOE4T83Qbfs9F
B52z51bqMA==
-----END CERTIFICATE-----

PK:

Code: 
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAuxKvGQ1KpYhlC/mLxGtSCim7GX0gsTtNfes0RWOP1EaGkn7b7WF+
DqXyBTgaXxg7mrsLzL/LS0D5Y5M3fA5M+6GNG6Ubo22jXfFRTeZbMxTtdqWReycejzQlmw
aov9CN98zX5kZU2Cy9uaYpFoyjR7BgMe39c+q77gj0tEAmJYdrilnBqWJ8AwB0iimPGazn
1J5lj3NSe+5cPM6/osRtbB/o6T6xbneWETzNUNKmxKcT7aN3CFT42RN0ISoaYZTtOSpcHW
BcqW1VjEFufnBfpGWPXtbZY4z5S0Dmt2UABvPFB2RaMsnxV6/YMXvjdl5ZuUUR9PcWXqV8
RjYTiotWklmCVM5ythBRDuT1/XhtPLy5d5RNXzGbiTc6cp+okoMZ+rtaiehSdEaqChA5o4
WwL8YxKvfvWxqXh8Tgjez5wW378csNYAU3NPdQARuWCQRl0N9szMEo7OTFWu1knmp9mw+c
v7+hzKQ9e4yweXkekC+JnaliozaVXTIwX3DL89FhFHLsOqvnl4VQxS0qIUmdOq1xmV8HVp
/HQRWvnI/YM7quh2+ZlrZ4YUDJ/6mctNIi+9nLMD3ZAOklz80qvCYFwdsv2pzX+zOP3/KP
8LyVALv1cK2PBfLWshmb/iZBN3OyXBThNEPosOm1f2RaSCapwYbXDi61woUBHktso8PDTs
MAAAc4RSn8cUUp/HEAAAAHc3NoLXJzYQAAAgEAuxKvGQ1KpYhlC/mLxGtSCim7GX0gsTtN
fes0RWOP1EaGkn7b7WF+DqXyBTgaXxg7mrsLzL/LS0D5Y5M3fA5M+6GNG6Ubo22jXfFRTe
ZbMxTtdqWReycejzQlmwaov9CN98zX5kZU2Cy9uaYpFoyjR7BgMe39c+q77gj0tEAmJYdr
ilnBqWJ8AwB0iimPGazn1J5lj3NSe+5cPM6/osRtbB/o6T6xbneWETzNUNKmxKcT7aN3CF
T42RN0ISoaYZTtOSpcHWBcqW1VjEFufnBfpGWPXtbZY4z5S0Dmt2UABvPFB2RaMsnxV6/Y
MXvjdl5ZuUUR9PcWXqV8RjYTiotWklmCVM5ythBRDuT1/XhtPLy5d5RNXzGbiTc6cp+oko
MZ+rtaiehSdEaqChA5o4WwL8YxKvfvWxqXh8Tgjez5wW378csNYAU3NPdQARuWCQRl0N9s
zMEo7OTFWu1knmp9mw+cv7+hzKQ9e4yweXkekC+JnaliozaVXTIwX3DL89FhFHLsOqvnl4
VQxS0qIUmdOq1xmV8HVp/HQRWvnI/YM7quh2+ZlrZ4YUDJ/6mctNIi+9nLMD3ZAOklz80q
vCYFwdsv2pzX+zOP3/KP8LyVALv1cK2PBfLWshmb/iZBN3OyXBThNEPosOm1f2RaSCapwY
bXDi61woUBHktso8PDTsMAAAADAQABAAACAQChFru0xN9Mn6DzqNWUNB4XJkw47KjkNP7L
uWfvgIZv8rMbHyZeyR71mixIFkGPNZzN5teIXne+u5qFBlY2+1GLNVf/QDQGjPiqgozSmd
RarmC1VGlsNQl5oxvm3NsfIYW+pqQbZODWreBKJy0mf8BykQyksh0YXj+qAAhH1x2CH5SZ
NCUxqN7E7vVrq9HP+DZBvowR9OpIUb8Xlakrjh3zh57WiufbChstiL/8Iwj8OitM7QApKp
KGyturW0gQU1/bZACiQ0JHmyCZgBaXxkh1lgbZUgUsVk6tYJvLvKtDUVKOxPlu1rp+Gav/
IIGEgkac5T9LRCH9Kl9TTmmRWd8W+f2QjTmBDJoC+5OyPIUPor3tSbCv2tejGmCCKHJgyu
OwnOxBQuSbj4iy030H7CyxMjiUmKodAJ7G526YBmbe8fM7YAdoLS8WOXiY/EXm5YkmeFG3
LfMj7OBwl1q8PoMDCQZUGgD8g/8mNtDcuFLDe9r3+uflk7/tG+LvofPqDB4MODR2HEofzw
ToQ4p3SJWaC5OL9pJk16axhdai0BCPJ05+nPTKqAnTabTOsL7yIkf9lq7wHB6Rh4Dh2phU
2sC6cR2RgQy3RRcgYb7O/aVp1urA8IptMixBns+a0LBt/FuQ6xiCmMD+QDgoVv3m4OSBAR
8qYCIuSt514+HavwbpEQAAAQAmMgXGpidHyI00++kZb3ZCIe0OLrEGwo+ijX9brhECraS7
HFUjkUNGPLPwNWT8CqWjUblKKAxu8Ycun2Fi/QLe3z1E1CDfeWdnVsBYWpqEjA6RnuJBVJ
3ZWAun4tnD2gy+AYzMOKwmq8zKnekNBzoVjDhLbB8LWLre1Y9Px3EIEL6J8Q3mQmKhkBe9
LeuqJIiP6qzRCCBpyHJYkTTUZ8Y4rheTkGH/HLM64TCqKvsH6XmL00BwKAdzephjkNGyGx
lIEYgz4ogbyW1xg0xp4AvL+JbYWC7rWZsZBZnp7Jd6Hj4wQjJhn3nlo5grvf87kNBE4MmV
KL1W7kmDfnsMKyEhAAABAQDgdwxFNFg/qVDNHwBljyO/+81wg972JDw3KXeSavTF2xGxC3
lUJDlT+KMmHVp0UUCu+2vG0yAldWQXecWhfDdHM2qBk54rsZu8VeyYFJU4d2cRvHnMBroR
BfQ6UschSo56It0RufEG+/ugJUyMLCJd5kU17NSo0W1nraLoneQb820QahU4DdvfmimWjy
kBhEwuUkJew+7Z2gMNV9rwHblvfxYEf8enSnaw1yF4Q60VeVgI83y+fByHzbF7Ng5pNO97
RzEzRGAfYWrc6vP4xvuWiE0LtqpwwLE2f1ZKHBW/YUEU3bTRB+eAxe0hda0hkufjDWVHuo
Qws4RqX9chZUufAAABAQDVWtHkDz4PiEDuHwQvg0WLHkl94KpJIa702rvGhIx8kLzj9t6l
vI7sQBNBdit3vh3rQ3hLF0BAqc2kNpm/itV6JBwbeWlaeSmr/WYLcdVK8AmJf6lEJRox8j
yveuJ8IIHGFvZf0otKY4VSg6EVxpmzMpe5ODO7fkYXB0CR2nLjvkVdJwnSv47qG6STwNW8
2ROB2JXM9yvilHZOotsdVzWfzCdKAcJfQrHjY01cVcvhO8fy3Luag4+WgejUrmVqVs8LtN
0h1scG8V2ARMmvMv2kRqUgukGFi4oKgik5WckgIxDKWiavsXW1zj7Oi6sAiaLvHcYL5SQM
6rvvldr9+WpdAAAAAAEC
-----END OPENSSH PRIVATE KEY-----
 
Last edited:
Fauch said:
-----BEGIN OPENSSH PRIVATE KEY-----
Click to expand...

^ openssh private key

if you're sure it's actually the right file, convert to pkcs8: $ ssh-keygen -p -N '' -m pkcs8 -f /the/key
(this will replace `/the/key`)
but you should re-check how you created this
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back