[PVE-User] Proxmox 2.1 web server certificate change

Eneko Lacunza elacunza at binovo.es
Tue May 15 11:06:31 CEST 2012


Hi all,

This is a mini-howto for changing the web server certificate in a
Proxmox 2.1 installation. I did so for our production servers to have a
certificate created with our own CA.

3 files are needed:

* ca.crt     : CA certificate file in PEM format
* server.key : non-password protected private key
* server.pem : server certificate from CA in PEM format

You can create the previous files following any standard openssl
certificate generation howto.

1. Backup PVE created files
	cp /etc/pve/pve-root-ca.pem   /etc/pve/pve-root-ca.pem.orig
	cp /etc/pve/pve-www.pem       /etc/pve/pve-www.pem.orig
	cp /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.orig
	cp /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.orig

2. Copy our own certificates
	cp server.key /etc/pve/pve-www.pem
	cp server.key /etc/pve/local/pve-ssl.key
	cp server.pem /etc/pve/local/pve-ssl.pem
	cp ca.crt     /etc/pve/pve-root-ca.pem

3. Reload apache config
	/etc/init.d/apache reload

That's it. It is important to change /etc/pve/pve-www.pem
and /etc/pve/pve-root-ca.pem because otherwise VM console won't load due
to a Java cert validation error.

Feel free to post this to the wiki if you think it's valuable.

Cheers
Eneko

-- 
Zuzendari Teknikoa / Director T├ęcnico
Binovo IT Human Project, S.L.
Telf. 943575997
      943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es




More information about the pve-user mailing list