Hello everyone,
I recently wanted to understand the impact of an expired certificate on a Proxmox node and on a Proxmox cluster. To test this, I modified the certificate validity period so that the node certificate expired yesterday.
After the certificate expired, I observed the following:
My understanding was that an expired certificate would have a larger impact on node management or cluster operations, but in my testing everything appears to function normally apart from browser trust warnings.
I have a few questions:
Thank you.
I recently wanted to understand the impact of an expired certificate on a Proxmox node and on a Proxmox cluster. To test this, I modified the certificate validity period so that the node certificate expired yesterday.
After the certificate expired, I observed the following:
- I am still able to access the Proxmox web GUI.
- API calls continue to work.
- The cluster remains healthy.
- VM live migration is working as expected.
- VM creation is working.
- Encrypted HTTPS communication is still taking place (the browser shows a certificate warning, but traffic remains encrypted).
My understanding was that an expired certificate would have a larger impact on node management or cluster operations, but in my testing everything appears to function normally apart from browser trust warnings.
I have a few questions:
- What functionality in Proxmox actually depends on the node certificate being valid?
- Why do cluster operations such as migration and VM management continue to work even after the certificate expires?
- Is the primary consequence of expiration simply the loss of trust/identity verification rather than a loss of encryption?
- Is there a way to configure a browser so that it completely refuses access to the Proxmox GUI when the certificate is expired instead of allowing users to bypass the warning?
- Would HSTS (HTTP Strict Transport Security) have any effect in this scenario, or does it only prevent users from bypassing certificate errors under specific conditions?
Thank you.
