HTTPS Certificate Configuration (Version 3.x and earlier)
HTTPS Certificate Configuration
This is a mini-howto for changing the web server certificate in Proxmox, so that you can have a certificate created with a custom CA. It has been tested on a Proxmox VE 3.0 installation, using certificates from https://www.cacert.org/.
3 files are needed:
- ca.crt : CA certificate file in PEM format
- server.key : non-password protected private key
- server.pem : server certificate from CA in PEM format
You can create the previous files following any standard openssl certificate generation HOWTO.
1. Backup PVE created files
cp /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.orig cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig
2. Copy your own certificates
cp server.key /etc/pve/local/pve-ssl.key cp server.pem /etc/pve/local/pve-ssl.pem cp ca.crt /etc/pve/pve-root-ca.pem
3. Restart the API server and pvedaemon
service pveproxy restart service pvedaemon restart
If you have a Proxmox cluster, this has to be done on all nodes (only the /etc/pve/local part). To test the changes in one node before changing configuration in other nodes, please make sure you log in the web interface in the correct node.