HTTPS Certificate Configuration (Version 3.x and earlier): Difference between revisions
mNo edit summary |
|||
Line 24: | Line 24: | ||
cp ca.crt /etc/pve/pve-root-ca.pem | cp ca.crt /etc/pve/pve-root-ca.pem | ||
3. | 3. Restart the API server | ||
service pveproxy restart | |||
That's it. It is important to change ''/etc/pve/pve-www.pem'' and ''/etc/pve/pve-root-ca.pem'' because otherwise VM console won't load due to a Java cert validation error. | That's it. It is important to change ''/etc/pve/pve-www.pem'' and ''/etc/pve/pve-root-ca.pem'' because otherwise VM console won't load due to a Java cert validation error. |
Revision as of 09:03, 28 May 2013
HTTPS Certificate Configuration
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox 2.1 installation.
3 files are needed:
- ca.crt : CA certificate file in PEM format
- server.key : non-password protected private key
- server.pem : server certificate from CA in PEM format
You can create the previous files following any standard openssl certificate generation HOWTO.
1. Backup PVE created files
cp /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.orig cp /etc/pve/pve-www.pem /etc/pve/pve-www.pem.orig cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
2. Copy your own certificates
cp server.key /etc/pve/pve-www.pem cp server.key /etc/pve/local/pve-ssl.key cp server.pem /etc/pve/local/pve-ssl.pem cp ca.crt /etc/pve/pve-root-ca.pem
3. Restart the API server
service pveproxy restart
That's it. It is important to change /etc/pve/pve-www.pem and /etc/pve/pve-root-ca.pem because otherwise VM console won't load due to a Java cert validation error.
If you have a Promox cluster, this has to be done on all nodes. To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.