HTTPS Certificate Configuration (Version 3.x and earlier): Difference between revisions

From Proxmox VE
Jump to navigation Jump to search
(Updated for 3.0)
(added screenshot)
Line 1: Line 1:
=HTTPS Certificate Configuration=
[[Image:screen-custom-ssl-with-java-shell.png|thumb]]


=Introduction=
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA.
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA.
It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.
It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.
=HTTPS Certificate Configuration=
          
          
3 files are needed:
3 files are needed:

Revision as of 11:32, 28 May 2013

Screen-custom-ssl-with-java-shell.png

Introduction

This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.

HTTPS Certificate Configuration

3 files are needed:

  • ca.crt  : CA certificate file in PEM format
  • server.key : non-password protected private key
  • server.pem : server certificate from CA in PEM format

You can create the previous files following any standard openssl certificate generation HOWTO.

1. Backup PVE created files

cp /etc/pve/pve-root-ca.pem   /etc/pve/pve-root-ca.pem.orig
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
       

2. Copy your own certificates

cp server.key /etc/pve/local/pve-ssl.key
cp server.pem /etc/pve/local/pve-ssl.pem
cp ca.crt     /etc/pve/pve-root-ca.pem
       

3. Restart the API server and pvedaemon

service pveproxy restart
service pvedaemon restart
       

That's it.

If you have a Proxmox cluster, this has to be done on all nodes (only the /etc/pve/local part). To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.