HTTPS Certificate Configuration (Version 3.x and earlier): Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
=Introduction= | =Introduction= | ||
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. | This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. | ||
| Line 6: | Line 4: | ||
=HTTPS Certificate Configuration= | =HTTPS Certificate Configuration= | ||
[[Image:screen-custom-ssl-with-java-shell.png|thumb]] | |||
3 files are needed: | 3 files are needed: | ||
Revision as of 11:35, 28 May 2013
Introduction
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.
HTTPS Certificate Configuration
3 files are needed:
- ca.crt : CA certificate file in PEM format
- server.key : non-password protected private key
- server.pem : server certificate from CA in PEM format
You can create the previous files following any standard openssl certificate generation HOWTO.
Backup PVE created files
cp /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.orig
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
Copy your own certificates
cp server.key /etc/pve/local/pve-ssl.key
cp server.pem /etc/pve/local/pve-ssl.pem
cp ca.crt /etc/pve/pve-root-ca.pem
Restart the API server and pvedaemon
service pveproxy restart
service pvedaemon restart
That's it.
If you have a Proxmox cluster, this has to be done on all nodes (only the /etc/pve/local part). To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.