HTTPS Certificate Configuration (Version 3.x and earlier): Difference between revisions

From Proxmox VE
Jump to navigation Jump to search
(added screenshot)
mNo edit summary
Line 15: Line 15:
You can create the previous files following any standard openssl certificate generation HOWTO.
You can create the previous files following any standard openssl certificate generation HOWTO.
          
          
1. Backup PVE created files
==Backup PVE created files==
  cp /etc/pve/pve-root-ca.pem  /etc/pve/pve-root-ca.pem.orig
  cp /etc/pve/pve-root-ca.pem  /etc/pve/pve-root-ca.pem.orig
  cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
  cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
  cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
  cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
          
          
2. Copy your own certificates
==Copy your own certificates==
  cp server.key /etc/pve/local/pve-ssl.key
  cp server.key /etc/pve/local/pve-ssl.key
  cp server.pem /etc/pve/local/pve-ssl.pem
  cp server.pem /etc/pve/local/pve-ssl.pem
  cp ca.crt    /etc/pve/pve-root-ca.pem
  cp ca.crt    /etc/pve/pve-root-ca.pem
          
          
3. Restart the API server and pvedaemon
==Restart the API server and pvedaemon==
  service pveproxy restart
  service pveproxy restart
  service pvedaemon restart
  service pvedaemon restart

Revision as of 11:34, 28 May 2013

Screen-custom-ssl-with-java-shell.png

Introduction

This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.

HTTPS Certificate Configuration

3 files are needed:

  • ca.crt  : CA certificate file in PEM format
  • server.key : non-password protected private key
  • server.pem : server certificate from CA in PEM format

You can create the previous files following any standard openssl certificate generation HOWTO.

Backup PVE created files

cp /etc/pve/pve-root-ca.pem   /etc/pve/pve-root-ca.pem.orig
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig

Copy your own certificates

cp server.key /etc/pve/local/pve-ssl.key
cp server.pem /etc/pve/local/pve-ssl.pem
cp ca.crt     /etc/pve/pve-root-ca.pem

Restart the API server and pvedaemon

service pveproxy restart
service pvedaemon restart

That's it.

If you have a Proxmox cluster, this has to be done on all nodes (only the /etc/pve/local part). To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.

Retrieved from "https://pve.proxmox.com/mediawiki/index.php?title=HTTPS_Certificate_Configuration_(Version_3.x_and_earlier)&oldid=5628"