[pve-devel] [PATCH docs 2/3] Add section about pveproxy certificates

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Apr 15 13:16:03 CEST 2016

 pveproxy.adoc | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pveproxy.adoc b/pveproxy.adoc
index ca32089..f7111a1 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -86,6 +86,23 @@ used.
 NOTE: DH parameters are only used if a cipher suite utilizing the DH key
 exchange algorithm is negotiated.
+Alternative HTTPS certificate
+By default, pveproxy uses the certificate '/etc/pve/local/pve-ssl.pem'
+(and private key '/etc/pve/local/pve-ssl.key') for HTTPS connections.
+This certificate is signed by the cluster CA certificate, and therefor
+not trusted by browsers and operating systems by default.
+In order to use a different certificate and private key for HTTPS,
+store the server certificate and any needed intermediate / CA
+certificates in PEM format in the file '/etc/pve/local/pveproxy-ssl.pem'
+and the associated private key in PEM format without a password in the
+file '/etc/pve/local/pveproxy-ssl.key'.
+WARNING: Do not replace the automatically generated node certificate
+files in '/etc/pve/local/pve-ssl.pem'/'etc/pve/local/pve-ssl.key' or
+the cluster CA files in '/etc/pve/pve-root-ca.pem'/'/etc/pve/priv/pve-root-ca.key'.

More information about the pve-devel mailing list