Proxmox SSL Certificates

kentaa

Oct 27, 2015
Hi guys,

sorry but I need a translation of that HTTPSCertificateConfiguration howto...
I mean this one: https___pve.proxmox.com/wiki/HTTPSCertificateConfiguration

3 files are needed:

  • ca.pem : CA certificate file in PEM format
  • server.key : non-password protected private key
  • server.pem : server certificate from CA in PEM format

I don't have these files but certificate.crt, certificate.key and certificate.ca.crt
And I don't get the difference... the CA certificate is the.. well.. certificate of the CA.. no wait that's the server certificate from CA..?!
(Do you really use CA for chain and certificate authority in that howto.. at that position?!)

And second, the position of the files.
the pve-ssl.key is in etc-pve-local,
the pve-ssl.pem is in etc-pve-local,
the pve-root-ca.pem is in etc-pve NOT local what the...
the pve-www .key is never mentioned anywhere.. so what is it needed for?


I'm kinda frustrated, maybe someone can help me please as I keep getting errors like...
pveproxy[110011]: problem with client 11.100.001.101; ssl3_read_bytes: sslv3 alert bad certificate

Thank you!


PS: Ok links are bad and spammy but would it be that hard to only forbid links that don't point to the proxmox pages themselves?! And pve-www .key is NOT a link...
 
Yes, the wiki article is confusing, will be hopefully better soon, it wasn't fully written by us.
ca.pem is the certificate from the "Trusted Authority" so in your case certificate.ca.crt
The other two files are now self-explaining, the author meant the certificate for your server received from your CA, thus 'server certificate from CA', imo.

The (local) server.* files are used for the pveproxy, they can be node unique. Whereas the thought behind the (shared) ca.pem is that all cluster nodes SSL connections trust each other (or better, that you as a user can trust all nodes of the cluster or none), needed for example for vnc/spice in combination with (live) migration.

The pve-www.key is just a secret accessible by the web browser and is used for CSRF prevention.

btw. this is some forum limitation and annoying I know, if you're a bit more active here your restrictions will get less.
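Added example, not part of the thread or of the Proxmox documentation: a shell check that tells the three files apart before they are copied into place, by confirming that the key is unencrypted, that it belongs to the server certificate, and that the server certificate verifies against the CA file. The function names and the throwaway demo certificates are constructed for illustration; the file names follow the ones used in the thread.

```shell
#!/usr/bin/env bash
# Mapping from the thread: certificate.ca.crt -> ca.pem,
# certificate.key -> server.key, certificate.crt -> server.pem.

# check_cert_set CA_CERT SERVER_KEY SERVER_CERT (hypothetical helper)
# Prints the first problem found and returns a distinct non-zero code for it.
check_cert_set() {
    local ca=$1 key=$2 cert=$3 cert_pub key_pub
    # server.key must be non-password protected: an empty passphrase is
    # supplied, so an encrypted key fails here instead of prompting.
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null); then
        echo "key unreadable or password protected: $key"; return 2
    fi
    if ! cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null); then
        echo "not a PEM certificate: $cert"; return 3
    fi
    # The private key must belong to the server certificate, not the CA's.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match server certificate"; return 4
    fi
    # The server certificate must verify against the supplied CA file only
    # (the system trust directory is excluded with -no-CApath).
    if ! openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "server certificate is not issued by the given CA"; return 5
    fi
    echo "ok"
}

# Constructed sample input: a throwaway CA and server certificate in directory $1.
make_demo_set() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/certificate.ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=pve.example.test" \
        -keyout "$d/certificate.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/certificate.ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 \
        -out "$d/certificate.crt" 2>/dev/null
}

# Usage: ./check.sh certificate.ca.crt certificate.key certificate.crt
if [ "$#" -eq 3 ]; then check_cert_set "$@"; fi
```

Passing the CA certificate and the server certificate in swapped positions is reported as a key mismatch (return code 4), which is the mix-up the original question describes.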
 
