[SOLVED] PBS Storage verification fails after change of SSL cert

Oggy512

Oct 18, 2020
Hi folks,
over the days I set up a stand-alone CA and issued certificates (SHA256/RSA2048) for the PVE and the PBS host. Since I only use those servers internally, I'm happy with a self-signed certificate/CA, since I deploy the CA certificate to trusted publishers on the internal clients.

Both web interfaces work fine, certificates are trusted.
However, after changing the certs my backup is now failing:

The PVE host keeps saying:

proxmox-backup-client failed: Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915:: self signed certificate in certificate chain (500)


What I did:
Uploaded the certificate chain (CA + Client) and Key via WebUI to PVE host.

Uploaded the certificate chain (CA + Client) as proxy.pem and Key as proxy.key via SSH to PBS host (/etc/proxmox-backup), chown root:backup, chmod 640 (as it is like the old cert) and rebooted host.
The fingerprint of PBS changed of course, which I also copied to the PVE Backup configuration, but that didn't work. I then deleted the PBS target from PVE host and re-added it, but still no luck.

Any ideas/recommendations?

Thx!
 
hi,

> since I deploy the CA certificate to trusted publishers on the internal clients.
you need to do this on the PVE host as well. can be done by adding the certificate in /etc/ssl/certs/ and running update-ca-certificates -f
 
Well... that was an easy one, thx, worked!
Btw: is this somewhere documented? If yes, I'm blind...
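
Added example (not part of the thread and not Proxmox code): a shell sketch that reproduces the "self signed certificate in certificate chain" error from the first post with a throwaway CA, then shows the same chain verifying once the client trusts that CA. The CA name, host name and file names are constructed for the demo, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file below is a placeholder.

make_demo_pki() {   # $1 = empty working directory
    d=$1
    # Minimal config so the root is marked as a CA regardless of system defaults.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    # Self-signed internal root CA.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 2 -config "$d/demo.cnf" \
        -subj "/CN=Demo Internal CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and signing request, then the certificate issued by the CA.
    openssl req -new -newkey rsa:2048 -sha256 -nodes -config "$d/demo.cnf" \
        -subj "/CN=pbs.example.internal" -keyout "$d/proxy.key" -out "$d/proxy.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/proxy.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -sha256 -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
    # Chain file as uploaded in the post: server certificate first, then the CA.
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/proxy.pem"
}

# Verify the served chain the way a TLS client does: certificates sent by the
# server are only candidates (-untrusted); trust comes from the client's store.
client_verify() {   # $1 = served chain (leaf first), $2 = CA bundle the client trusts, or ""
    if [ -n "$2" ]; then
        openssl verify -no-CApath -CAfile "$2" -untrusted "$1" "$1" 2>&1
    else
        openssl verify -no-CAfile -no-CApath -untrusted "$1" "$1" 2>&1
    fi
}

# Demo run on constructed data in a temporary directory.
work=$(mktemp -d)
make_demo_pki "$work" || { echo "openssl failed" >&2; exit 1; }
echo "Client that does not trust the CA:"
client_verify "$work/proxy.pem" "" || true
echo "Client with the CA in its trust store:"
client_verify "$work/proxy.pem" "$work/ca.pem" || true
rm -rf "$work"
```

On a Debian-based host, passing /etc/ssl/certs/ca-certificates.crt as the second argument checks the chain against the bundle that update-ca-certificates regenerates.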