[pve-devel] Something missing in http://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer) ?

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Nov 22 12:11:22 CET 2016 

Am 22.11.2016 um 11:56 schrieb Dietmar Maurer:
> I think this commit should solve the issue:
> 
> https://git.proxmox.com/?p=pve-manager.git;a=commitdiff;h=333dd203d5e07d9d3e20d3674a2e3ff2fc89fa8c
> 
>> Please can you test with latest version from git?

Already running that version ;-) But thank you for pointing me to this
commit. If i revert that one it's working fine again.

The issue in my case was that the verify in HTTPServer.pm verify_cb was
failing.

The documentation says:
"fullchain.pem (your certificate and all intermediate certificates,
excluding the root certificate, in PEM format)"

With the full chain it's not working. I then removed the whole chain and
only putted my final crt into that one and now it's working fine. With
the full chain $depth was 2 in my case.

Greets,
Stefan

>>> On November 22, 2016 at 11:49 AM Stefan Priebe - Profihost AG
>>> <s.priebe at profihost.ag> wrote:
>>>
>>>
>>> Hi,
>>>
>>> while using a custom certificate was working fine for me with 3. I'm
>>> getting the following error message if i'm connected to node X and want
>>> to view the hw tab of a VM running on node Y.
>>>
>>> 596 ssl3_get_server_certificate: certificate verify failed
>>>
>>> Request
>>> URL:https://node1.X.de:8006/api2/json/nodes/nodeY/qemu/114/status/current
>>> Request Method:GET
>>> Status Code:596 ssl3_get_server_certificate: certificate verify failed
>>>
>>> I following the documentation here:
>>> http://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer)
>>>
>>> and reverted everything to default and started from fresh replacing
>>> pveproxy-ssl cert files.
>>>
>>> My browser connects fine and without any error to the Web GUI itself. So
>>> it only happens if pve proxies internally.
>>>
>>> Greets,
>>> Stefan
>>> _______________________________________________
>>> pve-devel mailing list
>>> pve-devel at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>

More information about the pve-devel mailing list