[PVE-User] ippc_send_rec AND/OR star/intermediate cert issue.
Paul Gray
gray at cs.uni.edu
Mon Mar 28 02:00:38 CEST 2016
I upgraded a 5-node 3.x cluster this weekend. The original cluster has
a valid commercial star-certificate + intermediate certificate for both
the proxy and inter-node communication.
It was working under the original configuration but I can't get things
working together with the commercial cert after migrating up to 4.0.
The host certificate is a *-certificate and uses an intermediate cert.
The error(s) that I'm getting arise when starting a kvm instance. I'm
seeing:
a) ipcc_send_rec failed: File too large
and
b) Failed to start VNC server: The certificate /etc/pve/pve-root-ca.pem
basic constraints do not show a CA
I've been searching Google and the Proxmox forums for resolutions and
have been coming up short. With these 2 errors I'm trying to figure out
if the first error causes the second, if their 2 distinct errors, or ???
The cert in /etc/pve/pve-root-ca.pm contains two certificates:
1) the Digicert High Assurance CA
2) the Digicert intermediate cert used by our institution.
The key and cert in /etc/pve/pve-ssl.{key,cert} consist of the actual
commercial cert components for the public-facing host details.
Certs are propagated through /etc/pve/nodes/<vmnum>/ as well.
Anyone have a valid link describing the use of intermediate certs, or
see something else that I'm missing?
ADVthanksANCE
-Paul
More information about the pve-user
mailing list