Introduction

This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.

HTTPS Certificate Configuration

3 files are needed:

• ca.crt : CA certificate file in PEM format
• server.key : non-password protected private key
• server.pem : server certificate from CA in PEM format

You can create the previous files following any standard openssl certificate generation HOWTO.

Backup PVE created files

cp /etc/pve/pve-root-ca.pem   /etc/pve/pve-root-ca.pem.orig
cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
       

Copy your own certificates

cp server.key /etc/pve/local/pve-ssl.key
cp server.pem /etc/pve/local/pve-ssl.pem
cp ca.crt     /etc/pve/pve-root-ca.pem
       

Restart the API server and pvedaemon

service pveproxy restart
service pvedaemon restart
       

That's it.

If you have a Proxmox cluster, this has to be done on all nodes (only the /etc/pve/local part). To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.